- Influencer Destiny Marquez faces backlash for berating Forever 21 employee 3 Years Ago
- Chelsea Handler tackles system racism in ‘Hello Privilege. It’s Me, Chelsea’ Today 9:18 AM
- Gun control proposal: Trump, lawmakers considering background check-conducting app Today 9:05 AM
- How to stream Browns vs. Jets on Monday Night Football Today 7:00 AM
- What are anons? Today 6:30 AM
- How to stream Eagles vs. Falcons on Sunday Night Football Today 6:00 AM
- How to stream ‘Power’ season 6, episode 4 Today 5:00 AM
- How to stream WWE’s Clash of Champions 2019 Saturday 8:00 PM
- How ‘F*ck off Scotland’ became a Scottish rallying cry amid Brexit madness Saturday 6:28 PM
- A Missouri officer resigned after his Islamophobic Facebook posts surfaced Saturday 5:08 PM
- Adding ‘Triggered’ to stock photos of white men creates Netflix comedy special thumbnails Saturday 3:10 PM
- New restaurant in New York has a seriously unfortunate name: ‘Qanoon’ Saturday 1:38 PM
- These are the 10 best ‘Star Wars’ ships Saturday 12:41 PM
- Google Maps helped solve a decades-old missing persons case Saturday 12:27 PM
- Teen who plotted deadly swatting prank over Call of Duty argument gets prison time Saturday 11:58 AM
Advertisements on mobile devices aren’t just annoying, they can also be malicious. According to a report from cybersecurity experts, a Chinese group has spread malware to Android users that is generating over $300,000 per month in revenue.
The findings come from security firm Check Point, which started tracking the malicious virus in February. In the months since it was first discovered, the malware, knowing as HummingBad, has wormed its way onto 10 million Android devices.
Most HummingBad infections stem from “drive-by download” attacks, which download the devious software when a user visits a website that hosts it. It attempts to gain root access, allowing it to have control over every aspect of the phone. If that fails, a secondary component creates a fake system update notification that tricks users into granting the virus system-level permissions on the device.
Once installed on the phones and granted the privileges it requires to operate, HummingBad gets to work generating revenue through shady tactics, including installing additional applications on the device and injecting and displaying advertisements that make money when clicked.
Researchers at Check Point suggest the malware is making over $300,000 per month for its creator. According to Check Point, the people benefiting from HummingBad’s behavior are developers at Yingmob, a seemingly legitimate mobile advertising and analytics firm based in Beijing.
A subsidiary of the multi-million dollar advertising company MIG Unmobi Technology, Yingmob offers its services deploying pop-ups, sidebars, and in-app ads on mobile platforms. The company produces its own mobile apps, which have been installed on an estimated 85 million smartphones.
Check Point claims that a portion of Yingmob’s staff—the 25 people employed as part of the “Development Team for Overseas Platform”—is behind the HummingBad malware.
Yingmob’s noteworthy status as a genuine business makes the proposition of a secretive and malicious click farm a troubling prospect, as the team is able to dedicate an infrastructure to creating and maintaining the malicious service.
The dangers of HummingBad may run much deeper than just serving up and clicking an inordinate amount of ads; the virus can be used to collect user information to be sold or used for a variety of purposes. The group can also sell direct access to the phones that are affected.
Most of victims of HummingBad are in China, with 1.6 million affected users, and India, with 1.35 million. Users in Indonesia, the Philippines, and Turkey have also been disproportionately hit by the virus. There are nearly 290,000 instances of HummingBad in the United States.
Malware has been hitting mobile hard in recent months, as users on both Android and iOS have been targeted. Increasingly effective and malicious attacks have done everything from change PIN codes on lock screens to hijack the functions of a device while it appears to be off. Even iOS, which is generally considered to be less at risk to attack, has been affected by bad actors who managed to sneak infected code behind Apple’s walled garden of apps.
AJ Dellinger is a seasoned technology writer whose work has appeared in Digital Trends, International Business Times, and Newsweek. In 2018, he joined Gizmodo as the nights and weekend editor.