Millions of Android devices infected by Chinese malware

cyber attack

A reported 85 million Android devices around the world have been infected by Android malware, which brings in more than $300,000 dollars each month for the Chinese cybercriminals behind it.

This is according to the Israeli-based cybersecurity software creator, Check Point, after tracking the malware – called HummingBad – since February, when it was first discovered.

HummingBad works by infecting Android devices with a persistent rootkit, allowing the hackers to gain remote access to smartphones, and it generates fraudulent ad revenue, in addition to installing fraudulent apps, earning the group as much as $300,000 every month.

However, this isn’t the only concern over the malware infection, Check Point explained. The cybercriminals could potentially sell personal information to other criminals, or even grant access to the phones, essentially to whichever criminals offer the highest amount of money.

The group behind the attack are reportedly a team of developers from the mobile ad server company, Yingmob, in China. Interestingly, Check Point says that “Yingmob runs alongside a legitimate Chinese advertising analytics company, sharing its resources and technology.”

Although approximately 85 million devices are believed to be affected by the malware, only around 10 million are estimated by Check Point to be using the malicious apps. 50 per cent of all victims are using the Android Operating System (OS) KitKat, with 40 per cent using jelly bean. Just 1 per cent of victims are using Marshmallow, the latest OS.

The victims are spread all over the world, but the vast majority are in China (1.6 million) and India (1.35 million), while there are fewer than 100,000 devices in the UK affected.

Check Point released a blog post on the subject, which also includes access to its in-depth analysis of the problem.