Last week, security firm Check Point disclosed a lot of information about HummingBad, a widely distributed malware toolkit, affecting over 10 million users. The malware is initially downloaded unknowingly through one of 200 apps available in Google Play. Those apps then root the device and download more of the infected apps, which then generate fake advertising clicks.
Since last week, a couple of questions have arisen. The most common question has been about just how widespread the problem is. Our initial numbers, reported last week, were a misrepresentation of the number of devices infected. We reported that 10 million devices were infected, but as it turns out, that was incorrect. In fact, the report states that 10 million users are affected, with many users having several infected devices. The real count comes in at about 85 million unique Android devices infected by this malware.
The largest count is in China, where the developer and ad network YingMob is located, with 1.6 million users. India follows with 1.35 million and the Philippines with 520,901. The rest of the countries are spelled out below.
The next question we have heard has been about revenue. How much could YingMob possibly make generating fake advertising clicks on infected devices? According to Check Point, the company generates an average of $10,000 per day, which nets $300,000 per month, and $3.6 million annually. This is a lot of money for any organization, let alone a small Chinese advertising company. Profit, however, leads to a third question.
The third question we've been asked, and we discussed on the show last week, is about what's next for the malware. As of right now, the software, which has root access to 85 million devices, is fairly benign. It generates fake ad clicks and downloads additional apps. It could be a whole lot worse. If revenue is the main drive behind YingMob's actions, the next step could generate a lot more revenue. It would involve selling root device access for 85 million devices to others.
Once another organization has root access to that many devices, they could do some real damage and mine some serious data. Root access can allow for data scraping from the device, including contacts, app data, etc. It can also continue to install other software, including screen readers and keyloggers. This could give nefarious groups access to email, banking, tax records, etc. Selling this access could generate FAR more than $3.6 million annually for the group.
Will there be more problems ahead because of HummingBad, or will YingMob be content generating revenue with their current methods? We will keep an eye out for any new developments.
The battle for video streaming dominance is a heated one, and it is set to get worse with time. This week, Amazon announced a new partnership that will add 33 new exclusive titles to Prime Instant Video. The partnership is with Warner Bros. and includes some of their largest titles, including Lethal Weapon and the Matrix franchise.
Amazon has been working hard to raise both the quality and awareness of their service. While it comes included with a Prime subscription, many subscribers do not know that. One way to raise that awareness is to get some high profile titles, which this relationship could certainly do. In addition, they have been ramping up their original content, with a focus on families.
Obviously, Netflix isn't going to allow Amazon to make itself too attractive, or to take away the service's market dominance. They have been strengthening their catalog, as well, with CW shows coming to the service only a week after a season ends. Television alone won't keep them going, though, as Hulu has already proven - Netflix is going to have to ramp up their movie offering if they want to continue their position.
Here are the movies coming as part of Amazon's new deal:
The American President
Barcelona
Good Night, And Good Luck
Grumpier Old Men
JFK
Mystic River
Ocean's Eleven
See Spot Run
Space Jam
Storytelling
Twister
The Wedding Singer
Any Given Sunday
Austin Powers: The Spy Who Shagged Me
Caddyshack
The Candidate
The Devil's Advocate
Dreamcatcher
Final Destination
Full Metal Jacket
Interview With the Vampire
Lethal Weapon
Lethal Weapon 2
Lethal Weapon 3
Lethal Weapon 4
The Matrix
The Matrix Reloaded
The Matrix Revolutions
Teenage Mutant Ninja Turtles
Teenage Mutant Ninja Turtles 2
Teenage Mutant Ninja Turtles 3
Training Day
You've Got Mail
The US Department of Justice has filed a lawsuit against Facebook over their lack of cooperation with an IRS investigation. Facebook transferred some of its intellectual property to a wholly-owned subsidiary located in Ireland. The transfer was made because of more favorable tax rates in Ireland versus the United States. This is a fairly common practice, so why are the IRS and DoJ involved?
The IRS maintains that Facebook transferred its IP overseas at a lower value to avoid paying taxes in the US. The company has not been terribly cooperative with the investigation, which prompted the DoJ to get involved, filing suit to force them to turn over documents related to the inquiry. Detailed in the suit,
The IRS examination team's preliminary positions suggested that the E&Y (Ernst & Young tax adviser) valuations of the transferred intangibles were understated by billions of dollars.
Facebook has denied these accusations, releasing a statement saying,
Facebook complies with all applicable rules and regulations in the countries where we operate.
Unfortunately, this is not an uncommon scenario, with companies transferring taxable income out of North America and into countries with lower corporate taxes. That will make it more difficult for Facebook to explain away the behavior and the potential of billions of dollars being devalued in the transfer. This scenario has been a major aspect of tax reform conversations, with some suggesting that laws should be created to prevent this behavior, and others recommending that corporate taxes be changed so companies are not in a better situation leaving the country.
The most anticipated mobile game of the year, and possibly in the industry's history, was released this week. The title is an augmented reality game, combining mythical creatures and artificial locations with the real world. While walking around in reality, you can encounter Pokémon, allowing you to try and catch them with your phone. This is done with an AR screen, which puts the creature directly into your real environment.
To capture a Pokémon, you must have certain supplies. For example, Pokéballs, incense, berries, etc. One of the best ways to get these types of supplies is to visit a PokéStop. These are found on your AR map and marked with a blue diamond. When you get within range of a PokéStop, spinning the ring will produce items. Tapping on them will add them to your inventory.
Just like in other games in the franchise, once you have the Pokémon in your possession, you have to train them. That can be done at gyms, which can also be found in the real world. Battle within a gym controlled by your team to increase your Pokémon's power. Use your powered-up Pokémon to claim another team's gym for your team.
The really interesting thing here, though, is how popular the game has been in just its first few days. While scrolling through Facebook, it is hard for anyone to get too far without seeing something about the game, whether it is a player talking about their most impressive catch, memes about inappropriate places people have found and caught Pokémon, or complaints about the servers.
The last is because the game has been far more popular than Nintendo, or developer Niantic, thought it would be. So many people are playing at once, and all the time, that the servers have had fairly constant issues. As I write this, the servers are down, in fact. Players have experienced server crashes just as they were catching rare Pokémon, or even while simply walking around. The issues are so bad that memes about the server issues have also become incredibly commonplace. Fortunately, the issues are getting better every day, and will hopefully level out soon so that players who are excited about the game can actually enjoy it.
One of the words that is becoming most synonymous with Android is malware. It seems every few months we hear about another major piece of malware that is rooting Android devices by the millions and serving up disaster. In November we were informed about 3 new ones that were present in at least 20,000 Android apps in Play Store.
This week, security firm Check Point brings attention to HummingBad, the newest entry in the list of crap available in Google Play apps. This software, like most, attempts to root infected devices, but for a surprisingly low-level threat: advertising. In this particular case, the intent is to trick people with infected devices into clicking on ads, generating as close to legitimate revenue for the creators as possible. It does occasionally try to download other infected apps in the background, but even that is far from the worst it could be doing, since it is still simply intended to generate advertising revenue.
Here's the important thing to remember, though: it would not be difficult for the creators of HummingBad to change its intentions. Since it has root access, it could easily track your typing, grabbing your username and password for things like banking apps, or even popular games. It can track your data access, grabbing information about you that you don't necessarily want the world to know. It could even grab all of your contacts and contact them in your name, or upload them to a server to sell to spammers.
The thing that is most interesting about HummingBad, however, is not its incredible potential for disaster, but instead its organizational structure. Most of the time, malware groups hide from the public because what they are doing is questionable at best, and illegal at worst. In this case, the group behind HummingBad is Chinese ad server YingMob. That means that a legitimate advertising company could potentially be partnering with legitimate mobile developers to spread malware to Android devices in the name of additional advertising revenue.
This is certainly an interesting twist on the theme, and one that is encouraging for a lack of future potential. It is currently in YingMob's best interest to not become fully active, and instead continue to focus on bolstering its advertising interaction. They could turn on the full power, however, and cause a lot of trouble. Currently there is no published way to detect or remove HummingBad, which leaves avoiding it as your best option. As always, the best way to avoid malware on Android is to be very careful what apps you download. If the publisher isn't a known entity, research it before you download. If the names don't match, don't download. In other words, be vigilant.