Hummer Android malware already infected millions of devices

Pierluigi Paganini July 01, 2016

Experts from the firm Cheetah Mobile revealed that the Hummer Android malware has already infected millions of smartphones worldwide.

Security experts from Cheetah Mobile have been monitoring an Android malware dubbed Hummer since August 2014. The researchers noticed a significant increase in the number of infections in 2016, with a daily average of 1.4 million affected devices.

The experts confirmed that the Hummer Android malware has become the mobile Trojan with the highest number of infections worldwide.

Hummer Android malware infections

The Hummer Android malware infected mobile devices worldwide; most of the infections were observed in India, Indonesia, Turkey, China, Mexico, the Philippines, Russia, Malaysia, Thailand and Vietnam.

The operators behind the threat used a C&C infrastructure composed of 12 domains linked to a Chinese email address.

The experts highlighted that such a high number of infected devices could allow the threat actors to earn hundreds of thousands of dollars per day.

“Security researchers claim that this trojan family is one of the largest ever, with millions of Android phones infected around the world. Based on Cheetah Mobile’s estimation, if the virus developer were able to make $0.50 (the average cost of getting a new installation) every time the virus installed an application on a smartphone, the group behind this trojan family would be able to make over $500,000 daily.” states the report published by the Chinese firm.

The malicious code includes rooting exploits that it uses in an attempt to gain administrator privileges on the mobile device, which makes its removal difficult even with a factory reset.

The malicious code installs unwanted applications on the victim’s mobile device and is also able to display ads.

“It will then frequently pop up ads and silently install unnecessary or unwanted applications (even malware) in the background, which consumes a lot of network traffic.” states the analysis.

The analysis of Hummer samples allowed the experts to discover that the threat is able to download more than 200 APKs and generate 2 Gb of network traffic in just a few hours.

“The researchers believe that this trojan family originated from the underground internet industry chain in China, based on the trojan codes that have been uploaded to an open-source platform by a careless member of the criminal group behind the trojan family,” concluded Cheetah Mobile.


Pierluigi Paganini

(Security Affairs – Hummer Android malware, mobile)


