You have probably heard of HummingBad, a malware aimed at mobiles that has already infected at least 85 million terminals around the world. The Check Point firm was at the Rooted CON 2017 event and was explaining the HummingBad operation, a Trojan that generates a persistent rootkit on devices.
The Rooted CON 2017, which was held in Madrid until last March 4, received Check Point, a firm that explained the operation of HummingBad, an infection that generates fraudulent advertising revenue worth 300,000 euros per month and installs dangerous apps.
Check Point gained in-depth access to data from Yingmob, the legal company in China behind the HummingBad operation and that it hid the cyber criminals responsible for the operation of the malware. It has 25 employees organized into four independent groups, all of them responsible for creating malicious components for the operation of HummingBad.
The representative of the security company, Alon Menczer, pointed out that “34 percent of all app-related advertising traffic is fraudulent. When a terminal is infected by HummingBad, the malware takes care of downloading and opening malicious apps. When you open these apps, a conversion occurs, for which the advertiser has to pay. “
But the most serious thing is not the amount of money that cybercriminals obtain thanks to the operation of Hummingbad, but the huge figure of 85 million infected devices that opens the opportunity for hackers to use their victims to create botnets, launch attacks Massive DDoS or sell access to mobile terminals and their data to the highest bidder, says the Check Point report.
During the conference, Alon Menczer has given for the first time data and details about the work to reveal the operation of HummingBad. “After analyzing the malware, we were able to detect what at first seemed like an isolated case of a Trojan installing malicious advertising. We soon discovered that there was a very well organized international campaign that infects hundreds of thousands of new victims every day. “
The revelation about the HummingBad operation exposes the entire business behind cybercrime.