A newly found mobile trojan family has quickly become the No. 1 Android malware in the world. As of the end of June, the average number of Hummer-infected phones stands at almost 2 billion, which is a larger install base than any other mobile phone trojan.
Hummer infected nearly 1.4 million devices per day during the first half of 2016, according to data collected by Cheetah Mobile Security Research Lab. In China alone, where it originated, there were up to 63,000 infections daily. But the Hummer trojan is spreading throughout the world, and India, Indonesia and Turkey now see the largest number of infections.
Its footprint makes it a lucrative enterprise: Based on Cheetah Mobile’s estimation, if the virus developer were able to make $0.50 (the average paid for a new installation) every time the virus installed an application on a smartphone, the Hummer group would be able to make more than $500,000 daily.
When a mobile phone is infected with the Hummer trojan, it will root the device to obtain administrator privileges of the system. It then continually pops up ads on victims’ phones, which is extremely annoying—but it doesn’t stop there. It also pushes mobile phone games and silently installs porn applications in the background. Unwanted apps will appear on these devices, and they’re reinstalled shortly after users uninstall them.
“Cheetah Mobile Security Research Lab made a test with the Hummer trojan, and the findings were astonishing: In several hours, the trojan accessed the network over 10,000 times and downloaded over 200 APKs, consuming 2 GB of network traffic,” the firm noted in an analysis.
As for its origin, Cheetah Mobile found that the trojan is connected to the underground industry chain in China. Analysis of the samples showed that the group behind Hummer is using 12 domain names to update the trojan and issue promotion orders. Through Whois history information, researchers found that several of the domains are linked to an email account in mainland China.
Unfortunately, since the Hummer trojan can gain the highest control over the phone system, ordinary antivirus tools are not able to clear the trojan thoroughly—even performing a factory reset on the device won’t get rid of it.
The threat is also broad, with numerous Hummer variants. For instance, among the 10 trojans affecting the most users in India, the second and third are members of the Hummer trojan family, and the sixth is a trojan that’s promoted by Hummer.
“The Hummer trojan family members are embedded with a root module, and the latest variant has as many as 18 different root methods. Again, once a phone is infected, the trojan gains root privilege, which makes it very difficult to delete,” Cheetah Mobile said.
As ever, the best defense against being buzzed by Hummer is to install only trusted apps from a trusted app store, like Google Play.