It's called HummingBad? Seriously?
Researchers at Check Point have published a blog post detailing their report on a new bit of nastiness stealing data from Android phones and translating to hundreds of thousands of dollars in revenue for a Chinese group called Yingmob. The revenue comes from delivering ads, creating false clicks on those ads by making the buttons bigger than they look, and using those clicks to install one of over 200 apps the group has for keeping users connected to this network.
Are you in danger? How can you tell? Are your friends having data stolen and handed over to this group without their knowledge? Is there a worse name they could have used? It turns out there's a very low likelihood that this was ever a problem for you, but here's what you need to know about HummingBad and how to stay safe from this group.
What is HummingBad?
A lot of things, actually. HummingBad refers to malware that tries to establish a foothold on your Android device. Once it succeeds, the infected device can create false clicks for the ads being produced by the Chinese company hosting the malware. This generates a lot of money for that company, but the malware also tries to install additional apps to pull more of your personal data from the version of Android you are using. As part of those installation attempts, it checks whether your phone can be rooted, which would give Yingmob significantly more control over your phone. If the root attempt fails, app installation attempts are made through the normal Android sideload mechanism, which gives the user a pop-up asking if they're sure they want to install the app.
Researchers are currently aware of 10 million devices globally that have been infected with HummingBad at one point or another, but Check Point also offers information that suggests HummingBad's infection rate is dropping sharply.
How do I know if I have HummingBad on my phone?
There are a couple of apps you can use that will scan your system for HummingBad, but before you use them it's important to understand the infection process. If you've never had the "Unknown sources" box on your phone checked, and you've never installed an app from somewhere other than the Google Play Store, it's nearly impossible for HummingBad to have infected your phone.
If you're using a phone with the Google Play Store for apps, and you regularly use it to install apps, Google's app scanning service will detect apps on your phone that are misbehaving and advise you to uninstall them. This includes HummingBad apps, so if you've seen one of those messages and dismissed it in the past, act on it right now.
Check Point, the company that published the report on HummingBad, says that since the tools to detect HummingBad are publicly available, any security app will do. None of the apps we checked in the Play Store announce the ability to detect HummingBad as a feature yet, but Kaspersky or Avast should be able to help if you feel the need to check.
How do I get rid of HummingBad?
Those security apps may help you detect HummingBad, but they can't guarantee the malware has been removed from your phone. No app you can install from the Google Play Store can make that guarantee, no matter what it claims.
To fully get rid of HummingBad, you need to perform a factory reset on your phone. This will totally erase all of the data you've previously put on your phone, forcing you to start over. Make better decisions this time: don't install things from places that aren't the Google Play Store.
Am I really safe from HummingBad?
As long as you stick to the Google Play Store, yes. Google knows companies will use fake buttons to try to get you to click OK for security-related things. The Android Security Team won't allow apps that use these tactics in Google Play, and hasn't done so for a while. Keep that "Unknown sources" box unchecked and only install apps you trust from Google Play. As long as you do this, you're safe from HummingBad.