Malicious Software Puts About 10 Million Android Devices At Risk. See How To Identify And kill It Here

It’s another malicious app that has attacked about 10 million Android phone most of which based in China and India. Just this past February, Security company Check Point posted an article in which we made to know about HummingBad; a software that’s capable of stealing your personal data and making it look as like you clicked on adverts even though you didn’t.  HummingBad is a malware that “establishes a persistent rootkit with the objective to generate fraudulent ad revenue for its perpetrator, similar to the Brain Test app discovered by Check Point earlier this year. In addition, HummingBad installs fraudulent apps to increase the revenue stream for the fraudster.

Our analysis of the HummingBad malware shows that multiple fraudster groups continue to evolve their methods, including assuring the persistency of the malware once the infection is successful. This campaign is the latest in series initiated by various fraudster groups in the last 4 months.

This epidemic of Android malware includes BrainTest, PushGhost, and Xinyinhe. Moreover, as the malware installs a rootkit on the device, it enables the attacker to cause severe damage if he decides to change his objectives, including installing key-logger, capturing credentials and even bypassing encrypted email containers used by enterprises.”

According to CNET, “the bulk of victims are in China and India, with 1.6 million and 1.35 million cases respectively. The Philippines, Indonesia and Turkey are toward the top of the list, too. The US has 288,800 infected devices. The UK and Australia each have fewer than 100,000 devices affected.”  It’s safe to say to say some of the cases are in Africa as well even though the report doesn’t specifically say so. According to a Pew Research Cell phone and smartphone ownership is also more common among Africans with at least some English facility. Three-quarters of Ugandans who speak or read at least some English own a mobile phone, while only about half (48%) of those with no English language skills own one. And one-third of English-speaking Nigerians own a smartphone, compared with 2% of Nigerians who do not have the ability to read or speak at least some English.

It is expected that there will be over 370 million smartphones on the African continent by 2017 and as you might expect, many of these smartphones will be Android based. It is estimated that 30 percent of smartphone users have an Android device in Africa.

I wanted to show you that there’s a likelihood of this malware affecting many Android users in Nigeria and African without them even knowing it.

Below is how to identify the malware, kill it and prevent if from happening again accoriding to CNET which orginally posted this yesterday

How to find out if your phone has HummingBad

We live in an age of malicious mobile apps, and cybersecurity companies have taken note. They’ve produced apps that can detect bad actors on your phone and flag them for you. It works a little like antivirus software on your computer. What’s more, some of these services can tell just by what an app does that it’s up to no good.

You have a range of options when it comes to this protective phone software. Download one of these malware scanner on your phone, like Check Point’s own Zone Alarm, Lookout, AVG and Avast. Once the app is installed, run a malware scan.

The tools for catching HummingBad on mobile phones are now public information, so any service worth its salt will be able to detect it.

 How to kill HummingBad

If you find you’re the owner of one of the millions of infected phones (only 288,800 of which are in the US), you can get rid of it, but you’re not going to like the approach: factory reset.

Alternatively, if you’re a cybersecurity black belt with a specialty in malicious mobile apps, you could painstakingly remove it, said Dan Wiley, head of incident response at Check Point. But if you’ve read this far, you probably don’t have those skills.

So back up your files and contacts, write down your favorite apps, and then reset your phone.

How to prevent this from happening again

If you’re now looking at the generic wallpaper on your freshly reset phone, probably the last thing you want is a lecture. But Wiley has some advice you just might heed to keep this bad dream from becoming a recurring nightmare.

“The biggest thing I could say is, don’t download apps from untrusted stores,” Wiley said.

Most people in the US primarily buy their Android apps from the Google Play store, but in other countries, it’s more common to chance it by installing apps from other sources. These don’t have the same guarantees that come with apps that have gone through the Google vetting process, and can be shady.

That’s not enough to prevent this from ever happening again — hackers are clever like that — but it’s a good start.

This won’t be the first time that Android devices would be reportedly being susceptible to malicious attacks.

In May last year, a study found that  many Android apps connect to a frightening number of shady tracking sites. The apps connect to a mind-boggling 250,000 different urls across almost 2,000 top level domains” and that while most attempt to connect to just a handful of ad and tracking sites, some are much more prolific.” Even worse, they found that a small proportion of the apps even seem designed to connect to suspicious sites connected with malware.

Two months later, it was reported that a messaging bug left about 95% of android devices vulnerable. Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS. A fully weaponized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone.

And yet another two months after that, Google issued a fix for yet another flaw in Android. Researchers found that trying to unlock mobile devices with an abnormally long password caused the lock screen to crash sometimes.

Finally just a few days ago, A researcher demonstrated how he was able to extract encryption keys from Qualcomm powered Android devices. A researcher found a vulnerability with Android’s Full Disk Encryption (FDE) on devices that use Qualcomm’s chip. Gal Beniamini who is an Israeli researcher drew our attention to the stark differences between the iOS encryption which was eventually broken by the FBI and Qualcomm powered Android devices which store encryption keys in software. At the heart of the research are two vulnerabilities involving  CVE-2015-6639 and CVE-2016-2431which Google and Qualcomm have both claimed to have been fixed with the first in January and the other in May and have made payout to the researcher in their bug bounty program.

Image Credit: Tech Worm