How To Detect HummingBad, Removal Of Malware Not Difficult, But A Major Hassle
Many Android users are searching for “how to detect HummingBad:” removal of the malware isn’t difficult, but according to Check Point Software Technologies, the group that first detected HummingBad, unless stopped before infecting a system, a factory reset is the best option.
After first detecting the malware in February, Check Point reports that it suspects that HummingBad has been installed on 85 million devices worldwide and that a criminal group known as “Yingmob” has been able to generate $300,000 per month in “fraudulent ad revenue” by installing bogus apps on up to 50,000 Android devices per day.
Check Point has published an entire report on how the researchers came to detect HummingBad and understand the group behind the malware.
It has been suggested that advanced Android users may be able to save a system infected with HummingBad, but that most users will be better served backing up their documents, photos, music, and other files, and then resetting their devices to their factory settings using the Android reset function.Android users can reset their devices to the original factory settings by choosing “Privacy” under the “Settings” menu. Make sure to back-up files first.
Security apps available from companies like ZoneAlarm, Lookout, and Avast are reported to be able to detect HummingBad before it has a chance to install on Android devices.
HummingBad is said to work its way onto users’ Android devices alongside legitimate software, making use of all the same resources real apps do. Once infected, the group behind HummingBad is said to gain access to all of users’ data. Check Point has even been able to pinpoint the address of one of the groups working within Yingmob, in China. The team is said to be responsible for three lines that include six malware “products,” including “Hummer launcher” and “Hummer offers.”
Worldwide, China has, by far, the largest number of Android devices where researchers detect HummingBad, with 1.6 million. India is next, with 1.4 million, followed by the Philippines, with 520,901. There are reported to be 286,800 Android devices on which HummingBad is thought to be detected in the United States. Figures are not available for Canada.
Android devices running the KitKat and Jelly Bean versions make up the great majority, 50 percent and 40 percent respectively, where researchers are reported to have been able to detect HummingBad malware. Only as small number of Marshmallow-, Ice Cream Sandwich-, and Lollipop-version Android devices have been found infected with HummingBad: 1 percent, 2 percent, and 7 percent respectively.The network thought to be displayed by HummingBad is reported to display 20 million advertisements each day, generating fraudulent revenue of $300,000 per month. According to Check Point, using these methods, Yingmob, through the use of HummingBad, achieves click-through rates of 12.5 percent and installs more than 50,000 “fraudulent apps per day.”
“While profit is powerful motivation for any attacker, Yingmob’s apparent self-sufficiency and organizational structure make it well-positioned to expand into new business ventures, including productizing the access to the 85 million Android devices it controls. This alone would attract a whole new audience — and a new stream of revenue — for Yingmob. Quick, easy access to sensitive data on mobile devices connected to enterprises and government agencies around the globe is extremely attractive to cybercriminals and hacktivists.”
Android users, especially those who download apps, are encouraged to research them thoroughly before use. Users are also encouraged to install mobile security apps to detect HummingBad on devices currently running Android and keep them free of malware in the future. Thankfully, according to the numbers provided by Check Point, not many users in the United States or Canada will need to reset their Android devices to and perform a HummingBad removal.
[Photo by Chung Sung-Jun/Getty Images]