10 million Android Devices Reportedly Infected with Chinese Malware

According to the cybersecurity software maker Check Point, 10 million Android devices have been infected with the HummingBad malware. Check Point has been monitoring HummingBad since February, and there was a spike in infection in mid-May. Surprisingly, HummingBad was developed by the otherwise legitimate Chinese multimillion-dollar advertising analytics agency, Yingmob, based in Beijing. HummingBad began as a “drive-by download attack,” in which phones were infected when people visited websites. Once a device was infected, the malware would accrue fraudulent ad revenue (up to $300,000 per month) through the forced downloading of apps and clicking advertisements. What is even more alarming is that access to the device and personal information can also be sold. Check Point estimates 85 million devices have the group’s apps installed, but very few likely have the malware. India and China took the hardest hit, while upwards of 288,000 devices in the U.S. were  suspected to have been infected. Mobile platforms have become very vulnerable this year, with the previously thought virus-proof devices suffering numerous attacks, including Yingmob.