According to findings from CheckPoint, the cyber-security company, Chinese group Yingmob has been distributing mobile device malware dubbed ‘HummingBad’.
Number of HummingBad instances
Based in Beijing, Yingmob is registered as a subsidiary of advertising firm MIG Unmobi Technology Inc. and offers mobile advertising services such as video and in-app ads.
The report from CheckPoint states that the malware coming from Yingmob pushes ads onto people’s devices and upon clicking on them, the company cashes in.
Yingmob employs ‘drive-by-download’ methods to target victims when they visit a malicious website.
HummingBad now controls over 10 million devices across the global and generates $300,000 per month in fraudulent ad revenue, says CheckPoint.
In a blog post, CheckPoint adds:
Emboldened by this independence, Yingmob and groups like it can focus on honing their skill sets to take malware campaigns in entirely new directions, a trend Check Point researchers believe will escalate. For example, groups can pool device resources to create powerful botnets, they can create databases of devices to conduct highly-targeted attacks, or they can build new streams of revenue by selling access to devices under their control to the highest bidder.
According to the CheckPoint analysis, HummingBad and Yingmob’s Android apps show over 20 million ads per day, receiving 2.5 million clicks, whilst installing 50,000 fraudulent apps.
However, HummingBad may also be linked to ad fraud on iOS devices.
For now, mostly users in China and India are affected. However, users in other areas are affected too as shown below.
Affected users by area
The companies declined to comment on the issue.