‘HummingBad’ Malware Targets Android App Downloads: How To Detect And Remove The Root Access Virus

The latest malware making the rounds on Android smartphones is called “HummingBad,” and it has already infected more than 10 million devices worldwide (including 280,000 devices in the U.S.), according to security agency Check Point.

The agency has been tracking this malware for over five months and has traced it back to a Chinese group called Yingmob. At this point, the main purpose of the HummingBad malware is to earn money for its creators; it has garnered approximately $300,000 monthly by launching malware attacks on Android devices. However, due to the nature of the virus, it is possible for HummingBad to shift its focus to collecting sensitive information from infected phones.

Check Point detailed the history and prospects of HummingBad in a research report published last week.

What does HummingBad do?

HummingBad is malware that aims to generate money for the parent company Yingmob by forcing advertisements onto Android smartphones through downloaded applications.

After users download an app infected with HummingBad, the malware will attempt to gain root access to the device. If successful, attackers can access anything on the device.

If the attempt to gain root access is unsuccessful, HummingBad will display a fake system update notification to get users to grant permissions to core system files.

If a device is infected with HummingBad, it will display ads within applications and trick users into clicking them. The malware can also install other nefarious apps onto smartphones, which can similarly generate revenue through ads.

What Android smartphones are most at risk?

Devices attacked by HummingBad have primarily been those running Android Jelly Bean and Android KitKat, currently two of the oldest Google operating systems still in wide circulation.

HummingBad infections by Android system version. Screencap: Check Point

How will I know if my Android smartphone is infected with HummingBad?

Antivirus programs including Avast, Bitdefender, AVG and Zone Alarm are recommended for detecting HummingBad. Official app stores (including Google Play) have security features to alert users of apps that aren’t working properly for reasons such as malware infection.

Since most HummingBad attacks have occurred in China and India, it is believed most smartphones acquired the malware because users downloaded apps from unofficial app stores with lax security protocols.

What do I do if my Android smartphone is infected with HummingBad?

Removing HummingBad from an infected smartphone requires a factory reset. A factory reset erases the entire system and data on a device and returns it to the state it was in when first purchased. To avoid the risk of re-infecting the device, users likely won’t be able to back up their data before resetting.

What you can do to protect your Android smartphone

  • Only download apps from official sources like the Google Play Store.
  • Only download apps from trusted developers.
  • Update your device to the latest Android software (Android 6.0 Marshmallow) if possible.