Chinese Ad Company Hijacks Over 85 Million Android Devices – Generates $3.6 Million
A new Android malware campaign has been found infecting over 85 million devices worldwide. The campaign has generated at least $300,000 a month for the culprits behind it, thanks to over a million pop-up adverts and app downloads.
iOS malware creators now launch an Android malware campaign
Security experts have identified a Chinese advertising company called Yingmob as responsible for a massive Android malware campaign. Based in Chongqing, China, Yingmob is an advertising firm that claims to offer ad support, including text, image and video ads. Its site offers easy-to-deploy advertisements that don't affect user experience. Researchers at Check Point revealed that this cybercrime group has control over as many as 85 million devices, generating $300,000 per month for the company in fraudulent ad revenue.
Yingmob runs alongside a legitimate Chinese advertising analytics company, sharing its resources and technology. The group is highly organized with 25 employees that staff four separate groups responsible for developing HummingBad’s malicious components.
The same company was previously responsible for Yispecter iOS malware. Yispecter was discovered last year by security firm Palo Alto Networks and was found targeting jailbroken AND non-jailbroken iOS devices.
The HummingBad Android malware campaign was first discovered in February 2016. It establishes "a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps," Check Point said. HummingBad infects Android devices using two different methods: drive-by downloads and malicious payloads delivered through adult websites.
Once it gets access to a target device, HummingBad attempts to gain root access using a rootkit, which then gives the attackers full access to the infected device. If that method fails, HummingBad uses a fake system update notification to trick users into giving it access to the system. After a successful installation, HummingBad proceeds to install a bucket load of fraudulent apps, generating revenue for the criminals.
Check Point estimated that the latest Android malware delivers over 20 million ads daily, achieving over 2.5 million clicks per day, making the criminals approximately $3.6 million annually!
The security firm, however, says that the "financial gain is just the tip of the iceberg," as the group could potentially use the controlled devices to carry out large-scale DDoS attacks, or even sell this access to cybercriminals on the black market. Check Point hasn't offered any details of the top downloaded malicious apps, or a way to get rid of this malware. We will be looking forward to more details as they come.
- "From HummingBad to Worse" [PDF]