HummingBad – a strain of malware discovered by Check Point in February 2016 that “establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps” – has now infected 10 million devices, netting the cyber criminal gang behind it some $300,000 a month.
The potential for further infection is huge: in a new report (From HummingBad to Worse), Check Point explains that Yingmob – the Chinese mobile ad server company responsible for HummingBad – also provides a number of legitimate advertising and analytics services, effectively giving it control over “an arsenal of over 85 million mobile devices around the world.” Yingmob is also associated with the iOS malware known as YiSpecter.
Android operating systems affected by HummingBad
HummingBad targets all versions of the Android operating system, including the latest, Marshmallow. The distribution of victims is:
- 1% Marshmallow
- 7% Lollipop
- 50% KitKat
- 40% Jelly Bean
- 2% Ice Cream Sandwich
The Check Point report observes that “Quick, easy access to sensitive data on mobile devices connected to enterprises and government agencies around the globe is extremely attractive to cybercriminals and hacktivists.
“Without the ability to detect and stop suspicious behavior, these millions of Android devices and the data on them remain exposed today.”
BYOD and mobile device security
Organizations that support BYOD (bring your own device) need to be especially wary of employees using Android devices to access corporate networks and work systems.
IT Governance’s BYOD Policy Template Toolkit contains a complete, customizable BYOD policy and Acceptable Use Agreement, together with implementation guidance, and is usable either on its own or with any other ITGP documentation toolkit.
Fully up to date with the official guidance on data management and security from the UK’s Information Commissioner, the BYOD Policy Template Toolkit puts affordable best practice at the fingertips of CIOs and security managers everywhere.