Check Point, a security firm worldwide, he found that a group of Chinese cybercriminals created malicious software (or ‘malware’) that expands across Android devices and is able to generate revenue by advertising fraud.
the ‘virus’ is called ‘HummingBad’ and was discovered by security company in February this year. Since then, the number of cases has increased to the point that is already operating in 20 countries.
The firm said in a report that the ‘malware’ is installed as a ‘rootkit’ it is ie a program that corrupts the system of devices for cybercriminals have full control over them. This access is used to generate income for misleading advertising through forced downloading applications and perform ad clicks. It is estimated that fraudulent campaign generates $ 300,000 a month .
“One of the interesting aspects of this campaign is the economic impact on users and advertisers. HummingBad uses the full spectrum of events to pay for its operation, including ads, creating clicks, and installation of fraudulent applications, “explains research.
According to the study, ‘ HummingBad ‘is operated by a group of developers of an agency legitimate mobile advertising called’ Yingmob ‘(its headquarters is in Beijing). In concrete figures, the ‘virus’ has managed to infect more than 85 million phones, generating more than 20 million ads per day and more than 2.5 million clicks a day. It is estimated that ‘HummingBad’ has installed more than 50,000 false day applications.
The security firm said that ‘Yingmob’ earns $ 3,000 a day with clicks and $ 7,500 for applications false. In total, Chinese advertising company gets 3.6 million a year .
‘Top’ 20 infected countries
After analysis by Check Point, it was established that there are more than 10 million users worldwide using false applications. China (1’606.384) and India (1’352.772) are the countries with the most infected users. In Colombia there are 137,131 cases
 figures provided by Check Point
|
The attack is aimed at users of the latest versions of the Android operating system. KitKat is the most violated platform, followed by Jelly Bean, then Lollipop, and in the last places are Cream Sandwich and Marshmallow, respectively.
 figures provided by Check Point
|
So runs the malicious software
Check Point specifies that the ‘malware’ is installed on devices from downloading false or from some sites with adult content applications. If in principle the rootkit does not work, the attackers used a second component to notify the victim that your device has a pending update.
When ‘HummingBad’ manages to camouflage, the phone screen turns off and it will turn on automatically; then begin to deploy different ad networks like ‘mobvista’ ‘cheetah’, ‘apsee’ or ‘startapp’. Finally, the ‘malware’ show ‘banners’ of advertising with a button’ close ‘.
Malicious software blocks any attempt to return to the home screen, forcing the user to click the’ banner ‘. That’s when cybercriminals take control cell
Recommendations
In order to protect itself from such attacks, Kaspersky, computer security company offers the following recommendations:.
1) Restrict the installation of applications from sources other than official app stores.
2) If you install applications from sources it is inevitable unofficial, keep an eye on the permissions that the application is requesting. Do not install these types of applications without a security solution in place.
3) Educate your family and yourself on the latest forms of propagation of ‘malware’. This will help detect an attempt at social engineering attack.
4) Avoid clicking on links in messages from people you do not know or unexpected messages from friends.
5) always use a virtual private network to connect to the internet. This will help ensure that your network traffic can not easily intercept and reduces the likelihood that it can be injected ‘malware’ directly into a legitimate application downloaded from the internet.
technosphere
No comments:
Post a Comment