Security researchers are tracking a large uptick in malware-infected Android phones running a specific kind of software that clicks ads, installs unauthorized apps and monitors phone usage… all without the phones’ users knowing.
As many as 10 million phones worldwide have been infected with the click fraud malware (known by several names, including Hummingbad and Shedun), and its operators are earning $300,000 per month from its phoney ad engagements and payments from firms seeking inflated traffic numbers.
The malware reportedly originates within China from a group called Yingmob that, according to one of the security companies tracking the fraud, operates in tandem with a legitimate mobile ad analytics firm.
In a blog post reporting its findings, security research firm Check Point said “this steady stream of cash, coupled with a focused organizational structure, proves cyber criminals can easily become financially self-sufficient.
“Emboldened by this independence, Yingmob and groups like it can focus on honing their skill sets to take malware campaigns in entirely new directions, a trend Check Point researchers believe will escalate. For example, groups can pool device resources to create powerful botnets, they can create databases of devices to conduct highly-targeted attacks, or they can build new streams of revenue by selling access to devices under their control to the highest bidder.”
Kristy Edwards, a director at Lookout, another security firm tracking the malware, says the software is also “masquerading as legitimate apps” such as Facebook, Twitter and WhatsApp.
Lookout claims to have first identified this malware in November 2015. “We have observed a recent spike in Shedun detections on Lookout’s mobile threat network. We believe this is attributable to the authors building new functionality or distributing the malware in new ways.”
According to the BBC, the majority of the 10 million compromised phones are in China, with significant numbers also present in India and the Philippines.
Researchers believe Android phones running outdated operating systems are vulnerable to the malware, which burrows into the most essential levels of a phone’s coding, making it difficult to detect and remove.
“We’ve long been aware of this evolving family of malware and we’re constantly improving our systems that detect it,” said Google, in a statement. “We actively block installations of infected apps to keep users and their information safe.”