- Elon Musk seriously just hosted PewDiePie’s meme review Friday 6:27 PM
- Netflix throws ‘Umbrella Academy’-themed wedding for fans Friday 4:54 PM
- Report: Facebook collects app data on users’ body weight, menstrual cycles Friday 3:38 PM
- Amy Klobuchar reportedly ate salad with a comb, and Twitter’s got questions Friday 2:47 PM
- Nobody likes Spotify’s new update Friday 2:34 PM
- Student assaulted on campus while tabling for right-wing group Friday 1:56 PM
- Kim Kardashian West sues fashion company for using her likeness to sell clothes Friday 1:12 PM
- The Oscar-nominated movies you’ll actually want to watch again Friday 12:56 PM
- Viral graphic shows the moment Apple became the top brand Friday 12:27 PM
- Jake Paul calls out KSI for a YouTube boxing match Friday 11:31 AM
- This elementary school made students play ‘runaway slave’ Friday 11:20 AM
- ‘Captain Marvel’ is already a box office hit Friday 11:06 AM
- This ‘buff bunny vs. small bunny’ meme is here for when you’re feeling inferior Friday 10:53 AM
- Ocasio-Cortez slams trolls who come at her with ‘weak’ memes Friday 10:52 AM
- YouTube just made it awfully easy to harass creators Friday 10:16 AM
The malware may have come from an advertising agency.
Advertisements on mobile devices aren’t just annoying, they can also be malicious. According to a report from cybersecurity experts, a Chinese group has spread malware to Android users that is generating over $300,000 per month in revenue.
The findings come from security firm Check Point, which started tracking the malicious virus in February. In the months since it was first discovered, the malware, knowing as HummingBad, has wormed its way onto 10 million Android devices.
Most HummingBad infections stem from “drive-by download” attacks, which download the devious software when a user visits a website that hosts it. It attempts to gain root access, allowing it to have control over every aspect of the phone. If that fails, a secondary component creates a fake system update notification that tricks users into granting the virus system-level permissions on the device.
Once installed on the phones and granted the privileges it requires to operate, HummingBad gets to work generating revenue through shady tactics, including installing additional applications on the device and injecting and displaying advertisements that make money when clicked.
Researchers at Check Point suggest the malware is making over $300,000 per month for its creator. According to Check Point, the people benefiting from HummingBad’s behavior are developers at Yingmob, a seemingly legitimate mobile advertising and analytics firm based in Beijing.
A subsidiary of the multi-million dollar advertising company MIG Unmobi Technology, Yingmob offers its services deploying pop-ups, sidebars, and in-app ads on mobile platforms. The company produces its own mobile apps, which have been installed on an estimated 85 million smartphones.
Check Point claims that a portion of Yingmob’s staff—the 25 people employed as part of the “Development Team for Overseas Platform”—is behind the HummingBad malware.
Yingmob’s noteworthy status as a genuine business makes the proposition of a secretive and malicious click farm a troubling prospect, as the team is able to dedicate an infrastructure to creating and maintaining the malicious service.
The dangers of HummingBad may run much deeper than just serving up and clicking an inordinate amount of ads; the virus can be used to collect user information to be sold or used for a variety of purposes. The group can also sell direct access to the phones that are affected.
Most of victims of HummingBad are in China, with 1.6 million affected users, and India, with 1.35 million. Users in Indonesia, the Philippines, and Turkey have also been disproportionately hit by the virus. There are nearly 290,000 instances of HummingBad in the United States.
Malware has been hitting mobile hard in recent months, as users on both Android and iOS have been targeted. Increasingly effective and malicious attacks have done everything from change PIN codes on lock screens to hijack the functions of a device while it appears to be off. Even iOS, which is generally considered to be less at risk to attack, has been affected by bad actors who managed to sneak infected code behind Apple’s walled garden of apps.
AJ Dellinger is a seasoned technology writer whose work has appeared in Digital Trends, International Business Times, and Newsweek. In 2018, he joined Gizmodo as the nights and weekend editor.