One of the words that is becoming most synonymous with Android is malware. It seems every few months we hear about another major piece of malware that is rooting Android devices by the millions and serving up disaster. In November we were informed about 3 new ones that were present in at least 20,000 Android apps in the Play Store.
This week, security firm Check Point brings attention to HummingBad, the newest entry in the list of crap available in Google Play apps. This software, like most, attempts to root infected devices, but for a surprisingly low-level threat: advertising. In this particular case, the intent is to trick people with infected devices into clicking on ads, generating as close to legitimate revenue for the creators as possible. It does occasionally try to download other infected apps in the background, but even that is far from the worst it could be doing, since it is still simply intended to generate advertising revenue.
Here's the important thing to remember, though: it would not be difficult for the creators of HummingBad to change its intentions. Since it has root access, it could easily track your typing, grabbing your username and password for things like banking apps, or even popular games. It can track your data access, grabbing information about you that you don't necessarily want the world to know. It could even grab all of your contacts and contact them in your name, or upload them to a server to sell to spammers.
The thing that is most interesting about HummingBad, however, is not its incredible potential for disaster, but instead its organizational structure. Most of the time, malware groups hide from the public because what they are doing is questionable at best, and illegal at worst. In this case, the group behind HummingBad is Chinese ad server YingMob. That means that a legitimate advertising company could potentially be partnering with legitimate mobile developers to spread malware to Android devices in the name of additional advertising revenue.
This is certainly an interesting twist on the theme, and an encouraging one, in that it suggests the malware is unlikely to be turned to worse uses. It is currently in YingMob's best interest to not become fully active, and instead continue to focus on bolstering its advertising interaction. They could turn on the full power, however, and cause a lot of trouble. Currently there is no published way to detect or remove HummingBad, which leaves avoiding it as your best option. As always, the best way to avoid malware on Android is to be very careful about which apps you download. If the publisher isn't a known entity, research it before you download. If the names don't match, don't download. In other words, be vigilant.