Chinese Android Malware Infected 1.4m Devices, Earned £376,000 A Day

An Android malware family originating in China has spread to become the top mobile phone Trojan, infecting more than 1.4 million devices daily at its peak, according to security researchers.

The “Hummer” family of Trojans, a type of malware that spreads by concealing its true nature, infected up to 63,000 devices per day during the first half of this year, according to Cheetah Mobile Security Research Lab.

Lucrative business

The firm estimated that if the virus’ developers were able to make 50 cents (38 pence) for each new installation on a smartphone, the group would have taken in an average of $500,000 (£376,000) per day during the period.

The company found 12 Internet addresses housing control servers used to issue commands to the Trojan, some of them linked to email accounts in mainland China, and this and other evidence led Cheetah to conclude that the malware’s developers are linked to the Chinese Internet underworld.

India has the most infections, followed by Indonesia, Turkey and China, but the US and European countries including Germany, Spain and Italy have also seen thousands of infections, Cheetah said.

“This trojan family is one of the largest ever, with millions of Android phones infected around the world,” Cheetah said in an advisory.

Adware

Once installed, the malware obtains root privileges on the device, making it difficult to remove without reinstalling the device’s firmware, Cheetah said.

It displays frequent pop-up ads and installs unwanted applications, malware and porn software which consume large amounts of network bandwidth, the firm found.

A test installation of one Hummer variant accessed the network more than 10,000 times over a period of several hours, downloaded 200 applications and consumed 2 GB of network traffic, Cheetah said.

Security experts advise users to avoid such threats by downloading software only from well-known app stores and running security software; however, malware is regularly found to have infiltrated even reputable app stores such as Google Play.

Mobile devices are increasingly being targeted by attackers, with security researchers Kaspersky Lab recently finding that ransomware on the Android platform increased four-fold from April 2014 to March 2015.

Are you a security pro? Try our quiz!