Reportedly 10 million Android phones all over the world have been infected by a malicious app called Hummingbad. Developed by an otherwise legitimate app development company called Yingmob in China, Hummingbad gains root access of the infected Android device. It either gets the root access automatically or tricks you into giving it the needed system-level access and once the access is granted, it can trick your phone into generating fraudulent clicks on advertisements. According to some estimates, it is generating revenue of $300,000 per month for the developers.
Incidentally, some people are also calling it Hummingbird malware whereas it is not Hummingbird, it is Hummingbad.
The Hummingbad malware doesn’t just trick you into clicking ads, it also obtains confidential information from your Android mobile phone and then gives this information to the malware developers who sell this information then to the highest bidders.
According to the cyber security software maker Check Point based in Israel, all over the world 85 million smartphones have apps from Yingmob, although a very small margin of these apps are infected with the Hummingbad malware.
Here is a small extract from the PDF report above:
“While profit is powerful motivation for any attacker, Yingmob’s apparent self-sufficiency and organizational structure make it well-positioned to expand into new business ventures, including productizing the access to the 85 million Android devices it controls. This alone would attract a whole new audience — and a new stream of revenue — for Yingmob. Quick, easy access to sensitive data on mobile devices connected to enterprises and government agencies around the globe is extremely attractive to cybercriminals and hacktivists.”
Most of the victims are in China and India. Hummingbad malware has mostly infected the KitKat and Jelly Bean versions of Android. Only 1% of the devices running Android Marshmallow have been infected.
Is your Android phone infected with the Hummingbad malware? How to find out if your phone has the Hummingbad malware?
Hummingbad is a popular malware by now and almost every antivirus app or anti-malware app can detect Hummingbad. For example, I use AVG antivirus on my phone. You can download it for free if you haven’t already done so and run a scan. The difference between the free version and premium version is that the free version shows you advertisements and you can use the premium version without bothering with the ads.
Then there is Zone Alarm from Check Point itself that can find out if your Android phone is infected with Hummingbad.
How to remove the Hummingbad malware from your Android phone if it is already infected?
So far, while trying to find some helpful information, the best way to remove the Hummingbad malware from your Android mobile phone is to reset your mobile phone. Remember that this is an app, so if you reset your phone the malware should be gone. Even your antivirus app should help you remove the Hummingbad malware if your phone is already infective.
How to stop the Hummingbad malware from infecting your Android mobile phone?
The Hummingbad malware can easily infect rooted devices so if you have rooted devise, make sure that it is unrooted. If you see a message on your mobile phone that seeks system level access don’t click “OK” or “Yes”.
If you have been postponing upgrading your operating system, this is the right time to do so. Also, install an antivirus app on your Android mobile phone as soon as possible.
The Hummingbad malware generally downloads itself onto your mobile phone if you visit some malicious website. So don’t install Android apps from untrusted sources. Make sure that all your apps are from either Google Play Store or the trusted Play Store from your own manufacturer.