The HummingBad virus is reported to have affected 10 million Android devices so far, according to a report by Check Point, a software security company.
The malware is said to have been the work of a Chinese gang — or at least a Chinese mobile ad server — called the Yingmob, which generates $300,000 a month in fraudulent ad revenue.
Check Point says Yingmob displays a very high level of sophistication and technical ability. The report notes the following:
- HummingBad installs more than 50,000 fraudulent apps per day
- The apps display more than 20 million advertisements per day
- Yingmob achieves a high click rate of 12.5 per cent with illegitimate methods, resulting in over 2.5 million clicks per day
HummingBad was first discovered in February 2016 and is said to establish a persistent rootkit on Android devices. It generates fraudulent ad revenue, and installs additional fraudulent apps, says Check Point.
The Check Point report concludes: “Yingmob may be the first group to have its high degree of organization and financial self-sufficiency exposed to the public, but it certainly won’t be the last.
“Check Point believes this dangerous trend will escalate as other groups learn from Yingmob and find new ways to achieve the independence they need to launch larger and more sophisticated attack campaigns in the future.”