Android Malware Giving Phones a Hummer


So Android Malware has always been quite a problem, especially with it being so easy to install random .apk files and the proliferation of 3rd party app stores. Also so many people with rooted phones and the fact that software installed can root your phone and take complete control.

Android Malware Giving Phones a Hummer

The current worry is the Hummer trojan which is spreading and is hard to stop plus it’s quite invasive as it downloads porn app and displays pop-ups.

Security researchers are warning about the continuing spread of Hummer, a powerful trojan that roots handsets, downloads pornographic applications, and displays pop-up ads at random intervals.

Hummer first came up on the logs of Cheetah Mobile’s security team in August 2014, but spent eight months in obscurity before starting to blow up. By March of this year, 1.4 million handsets were infected on a given day and many users were powerless to get rid of it.

“If the virus developer were able to make $0.50 USD (the average cost of getting a new installation) every time the virus installed an application on a smartphone, the group behind this trojan family would be able to make over $500,000 USD daily,” the company said in a blog post.

The problem lies in the rooting capabilities of the malware. With the most recent iterations of the Hummer code, there are 18 separate software tools for rooting a handset once the code has been downloaded. Once rooted, even a factory reset may not fully wipe up after a Hummer infection.


It’s a pretty powerful set of tools this Hummer with 18 different ways to root a handset, there aren’t many details out – but I’d imagine most of them focus on older versions of Android.

This would also explain the greater spread in Asia where phones tend to be lower end, with older versions of Android and a lot of alternative app stores come pre-installed on Indian and Chinese hand-sets.

Indian users are the hardest hit by the malware, with Indonesia second and China third. The bulk of infections are found among Asian users, although Hummer has popped up in most locations around the world in smaller numbers.

It appears that the people spreading Hummer are Chinese – the malware uses 12 domain names to update the apps it pushes onto the phones, and some of these domains lead back to a single email address in the Middle Kingdom. A Chinese member of an open source message-board also uploaded part of the code that makes up Hummer – by accident, the researchers believe.

The infection point is thought to be third-party app stores. While Google has largely cleaned malware out of its official Play store, secondary markets are less careful about checking code and Hummer can be disguised as a legitimate-looking app.

Surprise, surprise it appears to come from China. With the complexity of the rooting capabilities it’s probably some kind of team, or company churning out these things. Even with the rough calculations above, they could be making millions of dollars a day.

And, there will be more – so be on guard always.

Source: The Register

Posted in: Malware

, , , , ,


Latest Posts:


dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).
WiFi-Dumper - Dump WiFi Profiles and Cleartext Passwords WiFi-Dumper – Dump WiFi Profiles and Cleartext Passwords
WiFi-Dumper is an open-source Python-based tool to dump WiFi profiles and cleartext passwords of the connected access points on a Windows machine.
truffleHog - Search Git for High Entropy Strings with Commit History truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
AIEngine - AI-driven Network Intrusion Detection System AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.
Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.


Comments are closed.