Android Malware Giving Phones a Hummer

The New Acunetix V12 Engine


So Android Malware has always been quite a problem, especially with it being so easy to install random .apk files and the proliferation of 3rd party app stores. Also so many people with rooted phones and the fact that software installed can root your phone and take complete control.

Android Malware Giving Phones a Hummer

The current worry is the Hummer trojan which is spreading and is hard to stop plus it’s quite invasive as it downloads porn app and displays pop-ups.

Security researchers are warning about the continuing spread of Hummer, a powerful trojan that roots handsets, downloads pornographic applications, and displays pop-up ads at random intervals.

Hummer first came up on the logs of Cheetah Mobile’s security team in August 2014, but spent eight months in obscurity before starting to blow up. By March of this year, 1.4 million handsets were infected on a given day and many users were powerless to get rid of it.

“If the virus developer were able to make $0.50 USD (the average cost of getting a new installation) every time the virus installed an application on a smartphone, the group behind this trojan family would be able to make over $500,000 USD daily,” the company said in a blog post.

The problem lies in the rooting capabilities of the malware. With the most recent iterations of the Hummer code, there are 18 separate software tools for rooting a handset once the code has been downloaded. Once rooted, even a factory reset may not fully wipe up after a Hummer infection.


It’s a pretty powerful set of tools this Hummer with 18 different ways to root a handset, there aren’t many details out – but I’d imagine most of them focus on older versions of Android.

This would also explain the greater spread in Asia where phones tend to be lower end, with older versions of Android and a lot of alternative app stores come pre-installed on Indian and Chinese hand-sets.

Indian users are the hardest hit by the malware, with Indonesia second and China third. The bulk of infections are found among Asian users, although Hummer has popped up in most locations around the world in smaller numbers.

It appears that the people spreading Hummer are Chinese – the malware uses 12 domain names to update the apps it pushes onto the phones, and some of these domains lead back to a single email address in the Middle Kingdom. A Chinese member of an open source message-board also uploaded part of the code that makes up Hummer – by accident, the researchers believe.

The infection point is thought to be third-party app stores. While Google has largely cleaned malware out of its official Play store, secondary markets are less careful about checking code and Hummer can be disguised as a legitimate-looking app.

Surprise, surprise it appears to come from China. With the complexity of the rooting capabilities it’s probably some kind of team, or company churning out these things. Even with the rough calculations above, they could be making millions of dollars a day.

And, there will be more – so be on guard always.

Source: The Register

Posted in: Malware

, , , , ,


Latest Posts:


DeepSound - Audio Steganography Tool DeepSound – Audio Steganography Tool
DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract from files.
2019 High Severity Vulnerabilities What are the MOST Critical Web Vulnerabilities in 2019?
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
GoBuster - Directory/File & DNS Busting Tool in Go GoBuster – Directory/File & DNS Busting Tool in Go
GoBuster is a tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (inc. wildcards) - a directory/file & DNS busting tool.
BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.


Comments are closed.