HummingBad malware infects 10 million Android phones, produces up to $300,000 a month in ad revenue

HummingBad malware infects 10 million Android phones, produces up to $300,000 a month in ad revenue
According to a cyber security software firm named Check Point, malware called HummingBad has infected more than 10 million Android devices. Interestingly, the developers behind HummingBad work at Yingmob, a multi-million dollar company that deals with advertising analytics in China. The malware can take over an Android device by obtaining root access using rootkit. If that fails, the malware tries to trick a phone's owner into giving it system-level permissions, by using fake update notifications.

Once the phone's owner loses control of the device, the malware clicks on ads and downloads apps without permission, seeking to generate advertising revenue. The malware has generated as much as $300,000 per month. The group also sells access to phones and gives away information stored on them. According to Check Point, 85 million smartphones have Yingmob's apps installed on them, although the percentage of those with the malicious software inside is much smaller. China (1.6 million devices) and India (1.35 million) are the two locations with the most infected devices. In the U.S., that number is 288,800 units.

Check Point has been monitoring the malware since discovering it in February. Yingmob's 'Development Team for Overseas Platform' is said to be the group responsible for the malware, and is made up of 25 people.

source: CNET



1. Subie

Posts: 2353; Member since: Aug 01, 2015

Wow, that sucks. Wish the article mentioned how users get this particular malware to begin with though.

6. Arch_Fiend

Posts: 3951; Member since: Oct 03, 2015

I would Imagine it happens when you download one of Yingmob's apps. usually malware is spread through infected apps some found on the play store but most are on 3rd party app stores, you can also pick them up from downloading anything from your phones browser, be it music or whatever. Just say away from the suspected company's apps and don't use any 3rd party app stores and you should be fine.

13. sgodsell

Posts: 7204; Member since: Mar 16, 2013

This is one of those things. What happens in Vegas stays in Vegas. CNET said it's in China. Besides that, this article is from Alan F. Which means he always paints Android with a negative brush. How's your WP doing Alan?

17. AlikMalix unregistered

I agree, these things (whenever there's a report of malware or w/e) seem to only affect users in China.

26. sgodsell

Posts: 7204; Member since: Mar 16, 2013

Alan F. Clearly forgot to mention that part from the original article. Not to mention 10 million Android users doesn't even equate to 1% of the users. Not to belittle any malware, but it's like they are searching for things to find to always say that Android is bad. Yet it holds over 80% of the world.

41. Unordinary unregistered

Even if it affected 10,000 people, it's bad. Malware is malware. OEMS needs to LESSEN this issue. (Not fix, because nothing is impenetrable)

48. marorun

Posts: 5029; Member since: Mar 30, 2015

2015 ios had more malware infection than 2009 to 2014 together most probably 1% iOS user gotten infected so sorry apple not so good anymore.

36. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

The main reason is google play store are ban in china. Their users must depend on mainland third parties app store. Suck for them.

49. marorun

Posts: 5029; Member since: Mar 30, 2015

agreed, Apple too have lots of malware in ios in china store...

56. krystian

Posts: 423; Member since: Mar 16, 2016

Actually they have found a lot of them on the play store. And they are usually games or something of that nature. And you typically will see an app has lots of downloads so you will think it's safe but you can't tell these days.

58. marorun

Posts: 5029; Member since: Mar 30, 2015

7 years using android. only download from google play store. never had 1 single malware. So sorry easy to tell thats those news are fear mongering.

37. MrLove

Posts: 28; Member since: Jul 05, 2016

Thats why Android is a terrible OS. So much lag and malware.

50. marorun

Posts: 5029; Member since: Mar 30, 2015

7 years i use android phone never gotten one malware so MrLove try again. Been working for Telus in Canada since 6 years (cellphone providers ) and easily less than 10 clients came to me for malware on android and about 3-4 for iphone. So lets not exagerate reality. As someone else said. 95% of all malware come from third party store from china ect and even apple iphone have more malware in china than any others countries put together.

40. Unordinary unregistered

By having an Android device, duh. LOL

46. RebelwithoutaClue unregistered

In the original article it states: HummingBad began as a "drive-by download attack," in which phones were infected when people visited websites So most phones that use the Play store and have Unknown sources off by default, should be safe

53. Mxyzptlk unregistered

Seems like a hint of denial. This doesn't change the point, which btw, Play Store isn't an unknown source, clueless one.

54. lolatfailphones

Posts: 224; Member since: Apr 08, 2013

Don't own him anymore plz lol

64. Mxyzptlk unregistered

I'll try to go easy on him.

67. RebelwithoutaClue unregistered

Finally... a new joke and it's a hilarious one lol

69. Mxyzptlk unregistered

There there, it's ok. The big ole meanie, Mxy, won't hurt your feelings too badly.

71. RebelwithoutaClue unregistered

Haha and you call me clueless, but it's hilarious you think so dear :) You should change your avatar to Dracula from Hotel transylvania, you remind me of him (blehdieblehbleh)

73. Mxyzptlk unregistered

Perhaps you should change your avatar to something besides the Vin Diesel look. As for me dying, I'm dying laughing.

75. RebelwithoutaClue unregistered

Haha thanks for the compliment.

55. RebelwithoutaClue unregistered

Reading isn't your strong point, is it. I never said the Play store is an unknown source. I said smartphones that use the Play store AND have the unknown source settings off, should be safe from this malware. So no denial at all, just common sense, which you seem to lack in so many situations. But hey at least you have that joke

65. Mxyzptlk unregistered

I did read your comment, clueless one. The only thing you're forgetting is that the Play Store has had vulnerabilities in past. And don't forget about Stagefrightgate.

66. RebelwithoutaClue unregistered

And I am not ruling them out, but in THIS case, sticking to Playstore and unknown sources off should be safe. We were talking about HummingBad here. But once again, bad reading and interpreting on your side. You need to stop going easy on me, you're making it way to easy again for me ;)

70. Mxyzptlk unregistered

But that defeats the purpose of owning an android device because you can't find all apps on the Play Store like the Adblock apps. And don't forget about Amazon app store, which btw, you have to have unknown sources unchecked. I understand, you're making excuses for Android not being as secure as you think. ;) this all could have been avoided if you just had a clue.

72. RebelwithoutaClue unregistered

And once again you make assumptions. I never claimed Android doesn't have its security faults. I only stated in THIS case, you would be safe. And if you want apps like Adblock apps, you normally know what you're doing. This means staying away from untrusted sites, it also means installing supersu, so not just any app can give itself root privileges. But it is rich that you talk about third party app stores, when your beloved Apple doesn't even have that (without JB). And with JB iOS is also more insecure.

74. Mxyzptlk unregistered

Took you long enough. I was beginning to wonder if you were ever going to bring Apple up just to deflect from the point. I would believe your word but you've done this before in similar articles in the past.

76. RebelwithoutaClue unregistered

blehdieblehbleh ;)

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit for samples and additional information.