So Android Malware has always been quite a problem, especially with it being so easy to install random .apk files and the proliferation of 3rd party app stores. Also so many people with rooted phones and the fact that software installed can root your phone and take complete control.
The current worry is the Hummer trojan which is spreading and is hard to stop plus it’s quite invasive as it downloads porn app and displays pop-ups.
Security researchers are warning about the continuing spread of Hummer, a powerful trojan that roots handsets, downloads pornographic applications, and displays pop-up ads at random intervals.
Hummer first came up on the logs of Cheetah Mobile’s security team in August 2014, but spent eight months in obscurity before starting to blow up. By March of this year, 1.4 million handsets were infected on a given day and many users were powerless to get rid of it.
“If the virus developer were able to make $0.50 USD (the average cost of getting a new installation) every time the virus installed an application on a smartphone, the group behind this trojan family would be able to make over $500,000 USD daily,” the company said in a blog post.
The problem lies in the rooting capabilities of the malware. With the most recent iterations of the Hummer code, there are 18 separate software tools for rooting a handset once the code has been downloaded. Once rooted, even a factory reset may not fully wipe up after a Hummer infection.
It’s a pretty powerful set of tools this Hummer with 18 different ways to root a handset, there aren’t many details out – but I’d imagine most of them focus on older versions of Android.
This would also explain the greater spread in Asia where phones tend to be lower end, with older versions of Android and a lot of alternative app stores come pre-installed on Indian and Chinese hand-sets.
Indian users are the hardest hit by the malware, with Indonesia second and China third. The bulk of infections are found among Asian users, although Hummer has popped up in most locations around the world in smaller numbers.
It appears that the people spreading Hummer are Chinese – the malware uses 12 domain names to update the apps it pushes onto the phones, and some of these domains lead back to a single email address in the Middle Kingdom. A Chinese member of an open source message-board also uploaded part of the code that makes up Hummer – by accident, the researchers believe.
The infection point is thought to be third-party app stores. While Google has largely cleaned malware out of its official Play store, secondary markets are less careful about checking code and Hummer can be disguised as a legitimate-looking app.
Surprise, surprise it appears to come from China. With the complexity of the rooting capabilities it’s probably some kind of team, or company churning out these things. Even with the rough calculations above, they could be making millions of dollars a day.
And, there will be more – so be on guard always.
Source: The Register