“Yingmob may be the first group to have its high degree of organization and financial self-sufficiency exposed to the public, but it certainly won't be the last”
Israeli-based security company Check Point commenting on the HummingBad malware affecting some
Not all hummingbirds are Jamaica's National Bird. Some might be Chinese malware.
So says Israeli-based security company Check Point, which claims HummingBad malware has infected some 10 million smartphones since February 2016, as noted in the article “10 million Android devices reportedly infected with Chinese malware”, published July 5, 2016 by Daniel Van Boom, CNET News.
Most of the victims of the attack are in the following countries:
1. 1.6 million in China
2. 1.35 million in India
3. 288,800 devices in the USA
4. 100,000 in UK
5. 100,000 in Australia
Smartphones in the Philippines, Indonesia and Turkey were also affected, as HummingBad mainly targeted smartphone users in this region. But what makes this attack so surprising is that it was a legitimate developer, Yingmob, that developed the HummingBad rootkit.
Yingmob is a legitimate and very profitable advertising analytics agency based in Beijing, China. To quote Check Point:
“Yingmob has several teams developing legitimate tracking and ad platforms. The team responsible for developing the malicious components is the 'Development Team for Overseas Platform' which includes four groups with a total of 25 employees”.
All in all, security analyst Check Point estimates that some 85 million smartphones worldwide use Yingmob's software but only 10 million have the malware.
So how does the HummingBad rootkit work?
Check Point’s assessment of HummingBad - Ads and spyware in Google Android smartphones Hack of 2016
HummingBad was originally malware that infected smartphones via persons visiting infected websites.
Once your smartphone was infected, it then self-installed and used its access to generate US$300,000 per month worth of ad revenue by forcing people to click on ads and download apps they had no interest in downloading. It can potentially be used to commandeer your smartphone, effectively making it part of a very large DDoS (Distributed Denial of Service) botnet attack in the future.
This was made possible by the HummingBad software, basically a rootkit virus, gaining access via silent installation, or a fake notification that gets the user to grant permission to install it. To quote Check Point Software:
“The first component attempts to gain root access on a device with...rootkit [software] that exploits multiple vulnerabilities. If successful, attackers gain full access to a device. If rooting fails, a second component uses a fake system update notification, tricking users into granting HummingBad system-level permissions”.
Aside from ads being forced upon you for monetary gain, there is also the keylogger capturing and reselling information typed on the phone, such as:
1. Names
2. Address
3. Logins and passwords
4. Telephone numbers from your contacts list
5. Emails
6. Social media handles
7. Credit Card information
This is basically a massive feeding tree of information, most likely collected to be sold on the Dark Web and possibly to legitimate ad networks. It is good to note that not all of the 85 million infected devices carried malware; some just collected the information mentioned above.
It then spreads itself through these vectors, making the HummingBad rootkit possibly one of the most virulent smartphone viruses seen to date since Check Point discovered the Certifi-gate vulnerability back in August 2015, a year ago, as noted in my blog article entitled “Check Point Software Technologies discover Certifi-gate – How to Control an Android Lollipop smartphone and Why fragmentation is at fault”.
The coming of HummingBad fits with the shift towards smartphone hacking and away from spamming via email, as predicted in my blog article entitled “@symantec's June 2015 Intelligence Report says Spam down 50 percent as Smartphones Hacking Rises”.
But at the rate it's spreading, and with no protection other than Google patches and a factory reset, as described in the article “HummingBad malware infects 10m Android devices”, published Wednesday 6 July 2016 by Samuel Gibbs, The UK Guardian, we may potentially be seeing the coming of possibly the greatest Google Android smartphone hack of 2016!