Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Android malware from Chinese ad firm infects 10 million devices

patent10021

patent10021

macrumors 68040
Original poster
Apr 23, 2004
3,531
809
Android malware from Chinese ad firm infects 10 million devices

The Android malware Hummingbad has infected 10 million devices so far, but what's most interesting is where it comes from. First discovered by the security firm Check Point in February, the researchers have tied it to Yingmob, a highly organized Chinese advertising and analytics company that looks like your typical hum-drum ad firm. Once it successfully infects and sets up a rootkit on Android devices (giving it full administrative control), Hummingbad generates as much as $300,000 a month through fraudulent app installs and ad clicks. As Check Point describes it, Hummingbad is an example of how malware companies can support themselves independently.
Click to expand...

Walled-Graden doesn't seem so bad sometimes.

OT but on a semi-related note, Android Studio is the worst IDE ever created.
 
L

Loco Emperor

macrumors regular
Jun 17, 2016
199
96
It's okay.
Android is open and there is ABSOLUTELY nothing wrong with open as long as you can make your homescreen look artistic and have a bunch of widgets on them to see live views of things without opening apps. It's okay as well that it I open and what not because it has features that IOS still lacks or is just now getting. Android is the best.
/sarcasm
 
mi7chy

mi7chy

macrumors G4
Oct 24, 2014
10,625
11,298
It's ok to be ignorant. /s

This is an issue affecting Asia, primarily China, where the government block Google Play Store forcing their citizens to side load apps forgoing the protection of Google malware scanning which is considered top in the business.

https://virustotal.com/

Getting apps from questionable sources is universally risky and also affects iOS per the article.

iPhone users aren't safe from Yingmob either -- researchers have also found that the group is behind the Yispecter iOS malware
Click to expand...

As of 9/2015 there were 1.4 billion Android devices so 10 million is 0.7% so less than 1%.

Along with built-in Google malware scanning a lot of devices don't even have working root for years like my Moto G with Android 4.4. That's unlike iOS that has had jailbreak (root) for majority of the versions.
 
Last edited:
  • Like
Reactions: khha4113, LIVEFRMNYC and jamezr
L

L_Virtue

macrumors newbie
Mar 25, 2016
22
19
Much like iOS, the probability of getting malware/viruses from a Play Store apps are almost completely minuscule. The infections stem from bypassing the Play Store and side-loading (and turning off the ability for Android to block the installs) infected apks. This is the fault of the user, not the OS.
 
  • Like
Reactions: khha4113
gotluck

gotluck

macrumors 603
Dec 8, 2011
5,717
1,260
East Central Florida
I would rather have malware out there than be locked into a walled garden.

Are you guys against freedom in real life too? There would be less crime if the government controlled our lives more. Freedom isn't perfect but it's better than censorship and what is essentially a dictatorship.
 
  • Like
Reactions: jamezr
Surf Donkey

Surf Donkey

Suspended
May 12, 2015
1,541
1,434
gotluck said:
I would rather have malware out there than be locked into a walled garden.

Are you guys against freedom in real life too? There would be less crime if the government controlled our lives more. Freedom isn't perfect but it's better than censorship and what is essentially a dictatorship.
Click to expand...

Yeah well my mother in law asked me to check out her computer this weekend because it was running slow. Lets just say some people need a walled garden. Glad the iPhone is out there for them.
 
gotluck

gotluck

macrumors 603
Dec 8, 2011
5,717
1,260
East Central Florida
Surf Donkey said:
Yeah well my mother in law asked me to check out her computer this weekend because it was running slow. Lets just say some people need a walled garden. Glad the iPhone is out there for them.
Click to expand...

I hear you, but I don't get why those people cant just leave the 'allow apps from third party sources' box unchecked, we all must suffer for the benefit of the lowest common denominator! :( (I know windows pcs don't really have that, but android and osx do)
 
  • Like
Reactions: Surf Donkey
Surf Donkey

Surf Donkey

Suspended
May 12, 2015
1,541
1,434
gotluck said:
I hear you, but I don't get why those people cant just leave the 'allow apps from third party sources' box unchecked, we all must suffer for the benefit of the lowest common denominator! :( (I know windows pcs don't really have that, but android and osx do)
Click to expand...

According to this in depth on the malware, that check box might not have stopped it though:

http://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf

If rooting fails, a second component uses a fake system update notification, tricking users into granting HummingBad system-level permissions.

If the device is rooted, it installs the APK silently; if not, SSP attempts installation with a user dialog. Once installed, SSP launches the APK and broadcasts INSTALL_REFERRER, using information received from the server to imitate an installation from GP and acquire revenue from the ad networks
 
  • Like
Reactions: gotluck
gotluck

gotluck

macrumors 603
Dec 8, 2011
5,717
1,260
East Central Florida
Surf Donkey said:
According to this in depth on the malware, that check box might not have stopped it though:

http://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf

If rooting fails, a second component uses a fake system update notification, tricking users into granting HummingBad system-level permissions.

If the device is rooted, it installs the APK silently; if not, SSP attempts installation with a user dialog. Once installed, SSP launches the APK and broadcasts INSTALL_REFERRER, using information received from the server to imitate an installation from GP and acquire revenue from the ad networks
Click to expand...

well then that there is quite a vulnerability indeed!

the walled garden argument doesn't seem all that applicable here then though? It seems like google play store's code is more to blame, given the device is unrooted.

the real main issue is these devices are surely some old unpatched android version, updates are important is moreso the moral of the story for me but I know you all are sick of me beating that drum :p
 
Last edited:
Surf Donkey

Surf Donkey

Suspended
May 12, 2015
1,541
1,434
gotluck said:
well then that there is quite a vulnerability indeed!

the walled garden argument doesn't seem all that applicable here then though?
Click to expand...

Well there was a related malware attack on iOS last year that did the same thing. It impacted both jailbroken and non-jailbroken devices. Within the walled garden Apple did fix it quickly once they knew about it (but it has been circulating for the good part of 10 months), The wall had a hole.

So to your point, yes in the case of this pretty ingenious malware, Apple's walled garden didn't fare any better than keeping your 'allow apps from third party sources' box checked!
 
  • Like
Reactions: gotluck
flyinmac

flyinmac

macrumors 68040
Sep 2, 2006
3,579
2,465
United States
gotluck said:
I would rather have malware out there than be locked into a walled garden.

Are you guys against freedom in real life too? There would be less crime if the government controlled our lives more. Freedom isn't perfect but it's better than censorship and what is essentially a dictatorship.
Click to expand...

We could apply the walled garden to our daily lives...

Everybody pays $100 a month to live in a jail cell. We each get our own cell. We all only eat what we're given. And we only interact with the people the warden has allowed to come into our cells. And we only watch shows permitted by the warden.

If we want any decorations, the warden must approve of them first.

We will have a peaceful life, no crime, no negative influences, and only want for..... Everything.
 
Surf Donkey

Surf Donkey

Suspended
May 12, 2015
1,541
1,434
Tsepz said:
Oh look, another piece of Malware that requires turning Off a Security feature to be installed.

Lol, love these articles, as they always leave out that part.

Thanks! :)
Click to expand...

What security feature is that in this case?
 
decafjava

decafjava

macrumors 603
Feb 7, 2011
5,520
8,037
Geneva
gotluck said:
I would rather have malware out there than be locked into a walled garden.

Are you guys against freedom in real life too? There would be less crime if the government controlled our lives more. Freedom isn't perfect but it's better than censorship and what is essentially a dictatorship.
Click to expand...
I wish people would stop comparing real life to what ecosystems we like to play in.
 
Surf Donkey

Surf Donkey

Suspended
May 12, 2015
1,541
1,434
Tsepz said:
Allowing Install from Unknown Sources, as well as turning Off both the Verify Apps options.
Click to expand...

I have read the report again (I love this stuff):
http://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf

And I think you might be right actually. I thought it was coming in with a "system update" pop-up via a browser or other back door in KK or JB to gain root permissions, but it is a bit vague there. Anyway, yes, keep those on an you are very well likely going to be safe.
 
  • Like
Reactions: gotluck
F

Fanaticalism

macrumors 6502a
Apr 16, 2013
908
158
Surf Donkey said:
I have read the report again (I love this stuff):
http://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf

And I think you might be right actually. I thought it was coming in with a "system update" pop-up via a browser or other back door in KK or JB to gain root permissions, but it is a bit vague there. Anyway, yes, keep those on an you are very well likely going to be safe.
Click to expand...
Only problem is, there is no play store in China so "allow unknown sources" has to be checked or they can't install any apps.

This is not an Android issue per se but an Asian market one.
 
  • Like
Reactions: gotluck and Surf Donkey
flyinmac

flyinmac

macrumors 68040
Sep 2, 2006
3,579
2,465
United States
Fanaticalism said:
Only problem is, there is no play store in China so "allow unknown sources" has to be checked or they can't install any apps.

This is not an Android issue per se but an Asian market one.
Click to expand...

The correct story line should be "China's government rules cause phones to be infected by malware".

Not that it's really any different from just using the Internet in China.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom