Here at Komando.com, our goal is to keep you safe in this constantly evolving world of digital threats and dangers. Just a few days ago, we reported about how millions of Android devices could be susceptible to brute force attacks. Now, a new nasty piece of malware has infected close to 10 million Android devices worldwide. That's scary!
Security experts revealed that a new malware has been spreading rapidly across the globe, with 288,000 infections in the U.S. alone. Named HummingBad, this malicious software takes root access in an Android device to generate false ad clicks, and in some cases, download unauthorized apps.
HummingBad has been traced back to the Beijing based company Yingmob, a supposedly legitimate developer of advertising analytics software. The fake ad clicks and app downloads could reportedly generate up to $300,000 worth of revenue per month for the firm.
The infection takes hold of a device via the drive-by download method, where the victim is directed to a website that hosts the malware in attempts to gain root access to the device. A secondary method is through fake system update notifications that grant system-wide authorizations to the malware.
Although HummingBad is currently being utilized solely for ad revenue generation, it could potentially be more than just that. Since it has root access, it could transfer personal information, spy on the victims or turn the infected devices into botnets.
The infections are mostly in Asia but HummingBad has spread to the U.S., Europe and Australia, as well.
So how could you tell that your Android device is infected? There is no concrete way of telling, but if you suddenly get more ads on your phone, or your data usage has gone up unexpectedly, you may want to check your device. Also, if you notice apps on your phone that you don't remember installing, that's another red flag.
To protect yourself from this and future malware threats, there are a few tips to keep in mind.
First, never side load apps from unknown sources. To be safe, only download apps from the Google Play app store and even then, check the user feedback first before you install.
Second, be careful with links and websites you visit. Drive-by malware downloads could happen anytime without you knowing it. Don't grant any system permissions to prompts coming from unknown sources.
Lastly, have malware scanning and protection for your Android device. This could proactively warn you and stop malicious software from installing as they come.
As the cliché goes, an ounce of prevention is worth a pound of cure.