Security experts warn that Android auto-rooting apps out there are infecting Android smartphones with malware. According to their research, they have revealed a very unusual spike in a particular Android malware that is embedded into the Android operating system after rooting. The disturbing news comes in after more than 10 million Android smartphones get infected, of which 286,000 are in the US alone.
According to a report by Ars Technica, Check Point Software, the research team behind the revelation, stated that the infected Androids have a malware embedded, which is installing more than 50,000 fraudulent apps each day. The malware displays more than 20 million malicious advertisements and generates almost #300,000 in revenue each month. The malware has a high success rate because it has an ability to silently root a large amount of Android devices via a simple auto-rooting app.
The malware in question is dubbed as ‘HummingBad’, but another research firm Lookout say that it is in fact the Shedun, whichis a family of the auto-rooting malware that was identified in late 2015.
The researchers are silently observing a China-based advertising firm that is behind the said malware. The malware silently installs promoted apps on infected phones, defrauding legitimate mobile advertisers, and creating fraudulent statistics inside the official Google Play Store. "Accessing these devices and their sensitive data creates a new and steady stream of revenue for cybercriminals. "Emboldened by financial and technological independence, their skillsets will advance–putting end users, enterprises, and government agencies at risk," Check Point researchers wrote in a recently published report.
The ‘HummingBad’ malware-infected apps are developed by Yingmob, a Chinese mobile advertisement server company, and other researchers also claim that they are behind the Yinspector iOS malware too. The malware sends notifications to Umeng, a tracking/analytics service which are used by attackers to manage their campaigns.
Check Point has also managed to analyze Yingmob’s Umeng account and gained further insights into the HummingBad campaign. They found that more than 10 million devices are under the control of malicious apps.
In order to check if your rooted device is infected by the virus, Lookout Security and Antivirus app seems to have an option.
