How to check if your phone is infected with the HummingBad Android malware


The HummingBad Android malware is estimated to have infected more than 10 million devices worldwide and is reported to be one of the worst strains of malware to target the Android eco-system.

Created by a Chinese advertising company, the number of infected devices is expected to rise, with as many as 85 million devices at risk.

Here’s all you need to know about the HummingBad Android malware and how to check if your device is infected.

Who’s responsible for this and why did they do it?

According to cyber security firm Check Point, HummingBad was created by a Chinese advertising company called Yingmob. The main purpose of the malware is to generate fraudulent ad revenue as part of a practice known as click fraud.

You may be familiar with click fraud if the web browser on your PC or laptop has ever been infected with one of those annoying toolbars or if words on a webpage suddenly start appearing to be linked. Both of these methods have been used by cyber criminals to deliver ads to your computer in the hope that you will click on some and generate ad revenue.

However, HummingBad is much worse and is capable of gaining root access to your device, which then sends data back to servers controlled by Yingmob.

In theory, this gives them access to anything and everything on your phone from contacts and photos to bank details and passwords. In addition to generating money from the click fraud, they could also sell your personal data to other cyber criminals on the dark web.

It could also be used as part of a ransomware attack, essentially locking down your smartphone and holding your files and personal data hostage until you pay a ransom.

Are you at risk from HummingBad?

This all depends on if you have downloaded apps outside of the Google Play Store.

Check Point stated that it has not found any infected apps on Google Play with the vast majority of infections coming on devices that installed app or games from third party sources.

You should also avoid downloading any files from sources you are unsure about, do not recognise or do not trust.

According to Check Point, Thailand is one of the countries most affected by HummingBad, although the most amount of cases are in China and India.

Of the devices infected, most are running older versions of Android such as Jelly Bean and KitKat.

How to prevent HummingBad infecting your device?

The four main ways of avoiding the HummingBad malware are:

  1. Do not download apps outside of the Google Play Store
  2. Make sure anti virus software is installed on your device
  3. Make sure your version of Android is up to date
  4. Make sure all apps are up to date

How can you tell if HummingBad has already infected your device?

The first sign that HummingBadd has already infected your Android smartphone or tablet is that unusual looking ads will suddenly start being displayed.

You are also likely to receive a push notification urging you to download a new ‘system update’ or to download an app.

You may also start finding apps installed on your device that you didn’t download and the performance of your smartphone may suddenly take a turn for the worse.

The battery may drain much faster than normal or the device may become unresponsive or it may take longer to open other apps. Your mobile data could also be quickly drained so be on the lookout for that.

What if your device is already infected with HummingBad infecting your device?

If you haven’t already installed anti virus software on your device, now is the time to do so. Here are a few antivirus apps that will help to keep your device safe. Other popular security apps include Avast, AVG AntiVirus, Norton Security and Malwarebytes.

However, if you are infected, then installing an anti virus app and running a virus scan might not be good enough.

You may need to do a complete factory reset to wipe your phone of the malware and essentially start over again from scratch.

If you decide on a factory reset then it is also a good idea to change the password for you Google account beforehand (you’ll need to do this from a computer). That way, anyone who tries to access your phone after the rest will need to provide new login credentials.

Google’s support forum gives instructions on how you can carry out a factory reset. Be warned though – after a factory reset there is no getting your data back.


Comments are closed.