Hummer Malware Makes Cybercriminal Rich by Infecting 1.4 Million Devices a Day

July 21, 2016

For those who are on the fence about how lucrative cybercrime can be, Cheetah Mobile Security Research Lab has some information that should push you over to one side of said fence. In a new report, the security firm found that the developer of the Hummer malware family of apps made over $500,000 per day at the peak of the malware’s activity.

Hummer infects Android devices by masquerading as mobile apps such as WhatsApp, Facebook, and Uber, and the number of infections is on the rise. In the first half of the year, this Trojan infected around 1.4 million devices each day, making it the #1 mobile Trojan in the world while netting the developer $.50 per infection. It obtains administrator privileges and subsequently displays those dreaded popup ads. But the big money comes from installing online banking malware and then draining the account right into the criminals’ pockets.

As always, it’s advised to only download and install apps from your device’s official app store. In the case of Android, this is the Google Play Store. But don’t think that Android devices are the only mobile devices at risk. While this particular malware infects those, there are plenty of others that target iOS devices. Two that made Nokia’s top 20 list of mobile malware were XcodeGhost (a malicious version of an app development tool) and FlexiSpy (an app that allows recording of activity on a device).

Anti-malware is not just for PCs anymore. Make sure you have downloaded an anti-malware app from a reputable source and keep it updated on your mobile devices too. The same goes the notification that one is available. Don’t forget about your internet-connected devices at home like smart TVs, your climate control, and music system, to name a few. Anything that exploits a vulnerability on any of these devices can roam your home network and infect others and potentially do a lot of damage.

This malware and others don’t just try to steal information such as banking credentials. They also consume a lot of data. This can cost you money in data overage fees. One Cheetah test found that Hummer accessed the network 10,000 times and ultimately consumed over 2GB of network traffic. It also uses up your battery life in the process.

This malware cannot be removed by performing a factory reset on the device. In addition, not all anti-virus tools will get rid of it. However, there are some that will. If you suspect it’s on your device, do some thorough research to find out which ones do and get one of them. Make sure it’s from a reputable developer and read the reviews. If it’s no good or harms your device in any way, it should be noted in the reviews. Don’t be afraid to pay for a good one. If that does not work or you are not comfortable doing this, take your device to an authorized technical support provider for help.

The majority of infections noted in this report were not within the United States, but that does not mean it was not found in the U.S. It may be an indicator that training, awareness, and information sharing help users avoid infections. The command and control center for Hummer was traced back to a Chinese email address.

© Copyright 2016 Stickley on Security