You might have seen the slightly terrifying headline from the BBC proclaiming that up to 10 million android phones have been infected with a particularly nasty kind of malware. The malware (christened ‘HummingBad’) generates fake clicks for adverts and therefore click revenue for the advert owners. In fact it’s currently estimated to be making around £232,000 a month from those infected devices. At the moment the majority of the infected phones are in China, but with widespread fear of human diseases being easily spread by travel and trade, it is understandable that this spike in malware has caused some concern for British Android users.
HummingBad is a type of rootkit malware, and is one of the most difficult to detect and remove. It’s akin to a burglar waiting in your attic until you aren’t home, before letting the rest of their team inside to steal things. Rootkit malware is designed embed itself deep in the operating system to avoid detection, gather information from your device and allow other malware access to your device. Whilst it might not sound that bad on its own, this type of malware can let in some very nasty things, so it’s important to keep an eye out for it. Security company Checkpoint first noticed the malware developing in February this year, but have only just gained access to the command and control servers that oversee infected phones, revealing HummingBad on over 10 million devices. Once HummingBad has embedded itself in the operating system and root privileges of an Android device, it can then give its creators total control over the handset. This gives them the ability to remotely control the phone, and this is being used to click on ads and make them seem much more popular than they actually are. It can also be used to install fake versions of popular apps or spread programmes the controllers have been paid to promote, all of which generates income for them. While this might seem harmless, it is leaving your device vulnerable to attack by more malware. What’s worse is that the malware can survive a factory reset, hiding away in the root privileges of your device. You can find out more about the types of malware out there in our previous blog post.
So how do you protect your Android from becoming infected with HummingBad, or any other kind of malware? While it may sound cynical, what HummingBad reveals is an integral problem with our attitudes towards updates and software. Many people are now making the choice not to update their apps and operating systems, usually for fear that something will stop working. It is this that HummingBad has tapped into, getting installed onto devices by exploiting loopholes I older versions of the Android software – specifically KitKat and JellyBean. Even if you are worried about the performance of your phone, you should always make sure everything is up to date, as this is what protects your device from infection. This month’s security update for Android tackled more than 108 separate vulnerabilities within the operating system, and so far the security updates this year have closed and blocked more than 270 bugs in the system. Google has said in a statement that ‘We've long been aware of this evolving family of malware and we're constantly improving our systems that detect it. We actively block installations of infected apps to keep users and their information safe.’ To make sure your device is safe, ensure it is updated to the latest edition of Android – which at the moment is Marshmallow.
For more information about malware, you can check out our guide for protecting against malware for more tips for your devices and computers, or learn how to clean up your malware infected computer or device the easy way. If you think your Android device has been compromised, or you need help updating the devices within your business to the latest operating system, get in touch with us and we can help you ensure your business data is secure.