Mobile Security Threat to 85 Million Android Phones

Erik Bernstein computer security, crisis communications, crisis management, mobile security Leave a Comment

Could the HummingBad hack create problems for your organization?

There is currently an epidemic of Android device hacks, with the largest number coming from a highly organized Chinese cybercrime group that effectively controls some 85 million mobile devices around the world. This organization, which operates as a division of Chinese mobile ad server company YingMob, has monetized their operation in several ways. Some $300,000 is generated each month via fraudulent ad revenue gained through simulating clicks and installs of their own apps, but the most concerning is the potential to sell access to these devices (or directly sell the data contained on them) to the highest bidder. There is already evidence that a number of items related to this hack are being sold on the Dark Web, and it’s likely that the financial success thus far will lead to far more sales as information is gathered.

The hack is known as “HummingBad” and it uses a malware that “roots” mobile devices, giving attackers full access to the system and all of its functions. This typically includes not only items like files and emails, but the ability to take photos and video record remotely. HummingBad installs more than 50,000 fraudulent apps per day, and targets users the world over.

There is a bit of good news – at this time the free app “ZoneAlarm Mobile Security” is able to detect and remove the rootkit successfully. Unfortunately there’s no telling how long that will be true as the amount of money at stake gives hackers plenty of motivation to defeat any protection out there.

Mobile security does have some particulars that are outside of your typical IT security efforts, largely due to the way users inevitably access their devices outside of secured company networks, as well as using them for a mix of work and personal life. If you haven’t been firm with employees about the importance of protecting and regularly scanning their devices, if you haven’t done the same for your own phones and tablets, then your data may be at risk.

The BCM Blogging Team

Leave a Reply