Categories: MobilitySecurity

Android Malware Spreads Via Porn Sites

Security researchers have discovered active Android malware that spreads via malicious online advertisements and seeks to take complete control of a targeted device.

The HummingBad malware, which was found on the devices of two employees at a major financial services institution, seems to have infiltrated the Android units via malicous ads displayed on pornographic websites, according to Check Point Mobile Threat Prevention, adding that such malware is also known to spread through major online ad networks.

HummingBad, malware, Android, malvertising, secure-it, security

While HummingBad is relatively harmless for the moment, seeking primarily to drive fraudulent traffic to the Google Play shop in order to boost ad revenues, it remains hidden on the infected system and able to download and install additional components, Check Point said.

“As the malware installs a rootkit on the device, it enables the attacker to cause severe damage if he decides to change his objectives, including installing key-logger, capturing credentials and even bypassing encrypted email containers used by enterprises,” the firm stated in an advisory.

The malware is unusually complex, including two separate attacks that attempt to take over the device – one that does so silently and another that requires user interaction, asking the user to approve the installation of a supposed system software update, Check Point said.

The malware’s malicious components are initially encrypted, making it harder for security software to spot until after the system has been successfully taken over, according to researchers.

Ad fraud

After installation the malware contacts its control servers and tries to download a list of executable files, some of which drive fraudulent traffic to Google Play and others which install fraudulent apps on the system.

“It is interesting to note that all of the command and control servers are still alive and contain dozens of malicious APKs,” Check Point said.

HummingBad is the latest in a series of Android attacks apparently launched by the same group over the past few months, with others including Brain Test, PushGhost and Xinyinhe, according to Check Point.

In September Brain Test was found in applications on Google’s official Play shop, which Google said had been downloaded by up to 1 million users. Google removed similar malware in Play again in January.

Google has frequently been infiltrated by malicious apps, with the Android.Xiny.19.origin Trojan found in more than 60 games earlier this month.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Tech Firms Now Face Fines Under Online Safety Act

Ofcom now has power to issue fines and other penalties for failure to remove illegal…

8 mins ago

OpenAI Argues Case For AI-Friendly US Rules

OpenAI document proposes exemption from state regulations, access to copyrighted materials, promotion of US AI…

11 hours ago

Foxconn Misses Profit Expectations After iPhone Sales Drop

Taiwan's Foxconn misses profit expectations for fourth quarter after iPhone sales decline, but predicts rosy…

12 hours ago

Tesla Developing Cheaper Model Y To Stem China Losses

Tesla reportedly developing cheaper version of popular Model Y EV to stem market-share losses in…

13 hours ago

Global Smartwatch Sales Fall For First Time

Worldwide smartwatch sales see first-ever decline as market leader Apple records 19 percent year-over-year drop

13 hours ago