Hummingbad

Last updated

HummingBad is Android malware, discovered by Check Point in February 2016. [1]

In July 2016, researchers from security firm Check Point Software said the malware installs more than 50,000 fraudulent apps each day, displays 20 million malicious advertisements, and generates more than $300,000 per month in revenue. [2] [3] The research pointed out the Yingmob group, previously accused of being responsible for the Yispecter iOS malware, as responsible for the attack. [4]

Lookout claimed the HummingBad malware was also a part of the Shedun family, however, these claims were refuted. [5] [6]

The most infected region was Asia which included China, India, Philippines, Indonesia and Turkey as the top countries. [7]

See also

Related Research Articles

An over-the-air update, also known as over-the-air programming, is an update to an embedded system that is delivered through a wireless network, such as Wi-Fi or a cellular network. These embedded systems include mobile phones, tablets, set-top boxes, cars and telecommunications equipment. OTA updates for cars and internet of things devices can also be called firmware over-the-air (FOTA). Various components may be updated OTA, including the device's operating system, applications, configuration settings, or parameters like encryption keys.

Mobile malware is malicious software that targets mobile phones or wireless-enabled Personal digital assistants (PDA), by causing the collapse of the system and loss or leakage of confidential information. As wireless phones and PDA networks have become more and more common and have grown in complexity, it has become increasingly difficult to ensure their safety and security against electronic attacks in the form of viruses or other malware.

<span class="mw-page-title-main">Android (operating system)</span> Mobile operating system

Android is a mobile operating system based on a modified version of the Linux kernel and other open-source software, designed primarily for touchscreen mobile devices such as smartphones and tablets. Android is developed by a consortium of developers known as the Open Handset Alliance, though its most widely used version is primarily developed by Google. It was unveiled in November 2007, with the first commercial Android device, the HTC Dream, being launched in September 2008.

<span class="mw-page-title-main">Mobile security</span> Security risk and prevention for mobile devices

Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.

<span class="mw-page-title-main">Android Debug Bridge</span> Tool for debugging Android-based devices

The Android Debug Bridge is a programming tool used for the debugging of Android-based devices. The daemon on the Android device connects with the server on the host PC over USB or TCP, which connects to the client that is used by the end-user over TCP. Made available as open-source software under the Apache License by Google since 2007, features include a shell and the possibility to make backups. The adb software is compatible with Windows, Linux and macOS. It has been misused by botnets and other malware, for which mitigations were developed such as RSA authentication and device whitelisting.

<span class="mw-page-title-main">Google Play</span> Digital distribution service by Google

Google Play, also known as the Google Play Store and formerly Android Market, is a digital distribution service operated and developed by Google. It serves as the official app store for certified devices running on the Android operating system and its derivatives, as well as ChromeOS, allowing users to browse and download applications developed with the Android software development kit (SDK) and published through Google. Google Play has also served as a digital media store, offering games, music, books, movies, and television programs. Content that has been purchased on Google Play Movies & TV and Google Play Books can be accessed on a web browser and through the Android and iOS apps.

Dexter is a computer virus or point of sale malware which infects computers running Microsoft Windows and was discovered by IT security firm Seculert, in December 2012. It infects PoS systems worldwide and steals sensitive information such as Credit Card and Debit Card information.

Google Play Services is a proprietary software package produced by Google for installation on Android devices. It consists of background services and libraries for use by mobile apps running on the device When it was introduced in 2012, it provided access to the Google+ APIs and OAuth 2.0. It expanded to cover a variety of Google services, allowing applications to communicate with the services through common means.

<span class="mw-page-title-main">Wear OS</span> Version of Googles Android operating system for wearable devices

Wear OS is a version of Google's Android operating system designed for smartwatches and other wearables. By pairing with mobile phones running Android version 6.0 "Marshmallow" or newer, or iOS version 10.0 or newer with limited support from Google's pairing application, Wear OS integrates Google Assistant technology and mobile notifications into a smartwatch form factor.

<span class="mw-page-title-main">Windows 10 Mobile</span> Mobile operating system developed by Microsoft

Windows 10 Mobile is a discontinued mobile operating system developed by Microsoft. First released in 2015, it is a successor to Windows Phone 8.1, but was marketed by Microsoft as being an edition of its PC operating system Windows 10.

WireLurker is a family of malware targeting both macOS and iOS systems. The malware was designed to target users in China that use Apple mobile and desktop devices. The malware was suspected of infecting thousands of Chinese mobile devices. The security firm Palo Alto Networks is credited with uncovering the malware.

<span class="mw-page-title-main">Juice jacking</span> Mobile security risk

Juice jacking is a theoretical type of compromise of devices like smartphones and tablets which use the same cable for charging and data transfer, typically a USB cable. The goal of the attack is to either install malware on the device, or to surreptitiously copy potentially sensitive data. As of April 2023 there have been no credible reported cases of juice jacking outside of research efforts.

XcodeGhost are modified versions of Apple's Xcode development environment that are considered malware. The software first gained widespread attention in September 2015, when a number of apps originating from China harbored the malicious code. It was thought to be the "first large-scale attack on Apple's App Store", according to the BBC. The problems were first identified by researchers at Alibaba, a leading e-commerce firm in China. Over 4000 apps are infected, according to FireEye, far more than the 25 initially acknowledged by Apple, including apps from authors outside China.

Ghost Push is a family of malware that infects the Android OS by automatically gaining root access, downloading malicious and unwanted software. The malware appears to have been discovered in September 2015 by the security research lab at Cheetah Mobile, who subsequently developed diagnostic software to determine whether a device has been compromised. As of September 2015, twenty variants were in circulation. Latter day versions employed routines which made them harder to detect and remove.

Shedun is a family of malware software targeting the Android operating system first identified in late 2015 by mobile security company Lookout, affecting roughly 20,000 popular Android applications. Lookout claimed the HummingBad malware was also a part of the Shedun family, however, these claims were refuted.

GingerMaster is malware that affects Android operating system version 2.3. It was first detected in August 2011.

<span class="mw-page-title-main">Dirty COW</span> Computer security vulnerability

Dirty COW is a computer security vulnerability of the Linux kernel that affected all Linux-based operating systems, including Android devices, that used older versions of the Linux kernel created before 2018. It is a local privilege escalation bug that exploits a race condition in the implementation of the copy-on-write mechanism in the kernel's memory-management subsystem. Computers and devices that still use the older kernels remain vulnerable.

LineageOS is an Android-based operating system for smartphones, tablet computers, and set-top boxes, with mostly free and open-source software. It is the successor to CyanogenMod, from which it was forked in December 2016, when Cyanogen Inc. announced it was discontinuing development and shut down the infrastructure behind the project. Since Cyanogen Inc. retained the rights to the Cyanogen name, the project rebranded its fork as LineageOS.

Xafecopy Trojan is a malware software targeting the Android operating system, first identified in September 2017 by cybersecurity and antivirus provider Kaspersky Lab. According to Kaspersky Lab, Xafecopy infected at least 4,800 users within a month in approximately 47 countries. Users in India were its primary victims, followed by users from Russia, Turkey, and Mexico.

<span class="mw-page-title-main">AdGuard</span> Ad blocking and privacy protection software

Developed by AdGuard Software Limited, AdGuard offers open source, free, and shareware products. AdGuard's DNS app supports Microsoft Windows, Linux, macOS, Android and iOS. AdGuard is also available as a browser extension.

References

  1. "HummingBad: A Persistent Mobile Chain Attack". checkpoint.com. 4 February 2016. Retrieved 9 October 2016.
  2. Dan Goodin - Jul 7, 2016 5:50 pm UTC (2016-07-07). "10 million Android phones infected by all-powerful auto-rooting apps". Ars Technica. Retrieved 2016-10-02.
  3. "From HummingBad to Worse: New In-Depth Details and Analysis of the HummingBad Android Malware Campaign". Check Point Blog. 2016-07-01. Retrieved 2016-10-09.
  4. "YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs - Palo Alto Networks Blog". Palo Alto Networks Blog. 2015-10-04. Retrieved 2016-10-09.
  5. "Another month, another new rooting malware family for Android". elevenpaths.com. Retrieved 9 October 2016.
  6. "DIY Attribution, Classification, and In-depth Analysis of Mobile Malware". checkpoint.com. 11 July 2016. Retrieved 9 October 2016.
  7. Goodin, Dan (7 July 2016). "10 million Android phones infected by all-powerful auto-rooting apps". Ars Technica.