Android Malware Giving Phones a Hummer

The New Acunetix V12 Engine


So Android Malware has always been quite a problem, especially with it being so easy to install random .apk files and the proliferation of 3rd party app stores. Also so many people with rooted phones and the fact that software installed can root your phone and take complete control.

Android Malware Giving Phones a Hummer

The current worry is the Hummer trojan which is spreading and is hard to stop plus it’s quite invasive as it downloads porn app and displays pop-ups.

Security researchers are warning about the continuing spread of Hummer, a powerful trojan that roots handsets, downloads pornographic applications, and displays pop-up ads at random intervals.

Hummer first came up on the logs of Cheetah Mobile’s security team in August 2014, but spent eight months in obscurity before starting to blow up. By March of this year, 1.4 million handsets were infected on a given day and many users were powerless to get rid of it.

“If the virus developer were able to make $0.50 USD (the average cost of getting a new installation) every time the virus installed an application on a smartphone, the group behind this trojan family would be able to make over $500,000 USD daily,” the company said in a blog post.

The problem lies in the rooting capabilities of the malware. With the most recent iterations of the Hummer code, there are 18 separate software tools for rooting a handset once the code has been downloaded. Once rooted, even a factory reset may not fully wipe up after a Hummer infection.


It’s a pretty powerful set of tools this Hummer with 18 different ways to root a handset, there aren’t many details out – but I’d imagine most of them focus on older versions of Android.

This would also explain the greater spread in Asia where phones tend to be lower end, with older versions of Android and a lot of alternative app stores come pre-installed on Indian and Chinese hand-sets.

Indian users are the hardest hit by the malware, with Indonesia second and China third. The bulk of infections are found among Asian users, although Hummer has popped up in most locations around the world in smaller numbers.

It appears that the people spreading Hummer are Chinese – the malware uses 12 domain names to update the apps it pushes onto the phones, and some of these domains lead back to a single email address in the Middle Kingdom. A Chinese member of an open source message-board also uploaded part of the code that makes up Hummer – by accident, the researchers believe.

The infection point is thought to be third-party app stores. While Google has largely cleaned malware out of its official Play store, secondary markets are less careful about checking code and Hummer can be disguised as a legitimate-looking app.

Surprise, surprise it appears to come from China. With the complexity of the rooting capabilities it’s probably some kind of team, or company churning out these things. Even with the rough calculations above, they could be making millions of dollars a day.

And, there will be more – so be on guard always.

Source: The Register

Posted in: Malware

, , , , ,


Latest Posts:


Acunetix v12 - Pause & Resume Acunetix v12 – More Comprehensive More Accurate & 2x Faster
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix v12 - more comprehensive, accurate & 2x faster.
CloudFrunt - Identify Misconfigured CloudFront Domains CloudFrunt – Identify Misconfigured CloudFront Domains
CloudFrunt is a Python-based tool for identifying misconfigured CloudFront domains, it uses DNS and looks for CNAMEs which may be allowed to be associated with CloudFront distributions.
Airbash - Fully Automated WPA PSK Handshake Capture Script Airbash – Fully Automated WPA PSK Handshake Capture Script
Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing, it is compatible with Bash and Android Shell.
XXEinjector - Automatic XXE Injection Tool For Exploitation XXEinjector – Automatic XXE Injection Tool For Exploitation
XXEinjector is an XXE Injection Tool that automates retrieving files using direct and out of band methods. Directory listing only works in Java applications.
Yahoo! Fined 35 Million USD For Late Disclosure Of Hack Yahoo! Fined 35 Million USD For Late Disclosure Of Hack
Ah Yahoo! in trouble again, this time the news is Yahoo! fined for 35 million USD by the SEC for the 2 year delayed disclosure of the massive hack, we actually reported on the incident in 2016 when it became public.
Drupwn - Drupal Enumeration Tool & Security Scanner Drupwn – Drupal Enumeration Tool & Security Scanner
Drupwn is a Python-based Drupal Enumeration Tool that also includes an exploit mode, which can check for and exploit relevant CVEs.


Comments are closed.