A rogue software app has hijacked millions of Android smartphones and tablets without alerting device owners.
HummingBad is malware that has infected more than 85 million Android devices in six months.
The malicious code is unwittingly downloaded when someone browses a web site in what is termed a ‘drive by’ attack.
The malware then attacks the device operating system to access email accounts, passwords and contact details. If the code cannot take over the phone directly, the user is fooled into loading the app with a false software update message.
Once HummingBad is in charge of the device, personal data is sent to hackers who are suspected of identity theft.
The malware also downloads apps and advertising on the device.
Security experts unmask hackers
“The hackers can sell user data or make money from generating advertising,” said online security firm Check Point.
The firm alleges Chinese hackers called Yingmob are responsible for HummingBad.
Yingmob is described as highly organised with 25 employees. Yingmob is also suspected of sharing resources and technology with a Chinese advertising analytics company.
The gang has made US$300,000 a month from fraudulent advertising revenue arising from the cyber-attacks, says Check Point.
The hackers are unmasked in a detailed report from Check Point that even pinpoints their office address in the city of Chongqing.
“While profit is powerful motivation for any attacker, Yingmob’s apparent self-sufficiency and organizational structure make it well-positioned to expand into new business ventures, including productizing the access to the 85 million Android devices it controls,” says the report.
“This alone would attract a whole new audience – and a new stream of revenue – for Yingmob. Quick, easy access to sensitive data on mobile devices connected to enterprises and government agencies around the globe is extremely attractive to cybercriminals and hacktivists.”
EasyDoc warning for Mac users
Meanwhile, another security firm, Bitdefender, claims a Mac app called EasyDoc Converter loads malware and allows a remote hacker to take control of the system to steal data or spy on the owner.
“Someone can lock users out of their computers, threaten blackmail to restore private files or take over a laptop as a botnet to attack other devices. The possibilities are endless,” said a spokesman for the firm.