More than 10 million Android smartphones and tablets worldwide – 260,128 in Thailand – have been infected with a particularly nasty piece of malware dubbed HummingBad.
According to cyber security firm Check Point, the HummingBad malware is capable of taking control of an Android smartphone or tablet in order to steal personal information and data including that from email accounts, contacts and online banking information, which can enable cyber criminals behind the malware to carry out identity theft.
The malware infects phones if the user happens to browse on the wrong site in what is known as a drive by download attack. HummingBad then tries to gain root access to the smartphone or tablet in an attempt to take full control of the device. If if is unable to gain root access then it tricks the users into handing over control by a push notification which asks to “update” the device.
Once a device is infected, HummingBad downloads unauthorised apps and taps on advertising links in order to generate fraudulent advertising revenue.
Check Point says that it has been aware of the malware since earlier this year after it linked it to cyber criminals in China known as Yingmob who masquerade as a multi million dollar advertising and analytics agency.
Devices first started being infected in February with a spike in cases in May and June of this year, the company said.
According to Check Point, the HummingBird malware generates more $300,000 in advertising revenue each month through forced ad clicks and illegal app downloads.
Check Point talks about a Yingmob as a highly organised and professional outfit, which employs 25 staff focused on creating malware.
“Accessing these devices and their sensitive data creates a new and steady stream of revenue for cybercriminals,” Check Point said.
“Emboldened by financial and technological independence, their skillsets will advance – putting end users, enterprises, and government agencies at risk.”
Nearly half of the the devices infected are running Android Kitkat, with almost 40 percent running Android Jellybean, 7 percent running Android Lollipop, 2 percent Ice Cream Sandwich and 1 percent running Marshmallow.
The vast majority of the infected devices are in China and India with 1.6 million and 1.35 million cases respectively. Check Point says more than 260,000 smartphones and tablets have been infected in Thailand, which is in the top 10 countries with the highest number of infected devices.
Commenting on HummingBad, a Google spokesperson reportedly told CNET that it is “aware of this evolving family of malware and we’re constantly improving our systems that detect it”
“We actively block installations of infected apps to keep users and their information safe.”