The modern Wild West's guide to mobile malware

The modern Wild West’s guide to mobile malware

Smartphones are mobile – which is precisely why we spend so much time with them instead of our more stationary computers. We do surfing, mobile banking, shopping, chatting – even watching advertisements. In fact, just about everything we do online is now done on the go with our smartphones.

This huge amount of face time we have with our devices is a big lure for cybercriminals. And as they follow the money and the time to our smartphones, they exploit device weaknesses, poorly controlled advertising channels, and human gullibility to develop innovative types of malware– like HummingBad.

HummingBad and its derivatives are a malware family which makes its money on advertising fraud and app installs – flooding the unsuspecting user with ads and apps they can’t get rid of. It’s profitable, too. Each click, every install on the infected device means more money for the bad guys – an estimated $300,000 monthly. With several layers to their attack strategy, they also have plenty of room to add more tricks to their arsenal in the future.

People get HummingBad on their devices by just downloading a booby-trapped app. Supported by fake reviews and four-star ratings, these apps can look pretty good. People have found them in the official Google Play store or, more commonly, from the off-market sites. The malicious app goes to work at the moment it’s downloaded by trying to get root access to the phone – which would allow it to do almost anything. If that fails, it tries to get the user to click on a bogus “System Update” notification. With that one click or the earlier root access or, this malware is ready to display ads and download additional apps any time it wants to – all without requiring anything from the device owner. The bad guys can even change the phone’s IMEI number to increase the number of displayed ads.

The device owner gets a barrage of bogus ads, a stream of new app installs, and a messed-up user experience. To remove this malware, the most common solution is a wipeout for the device owner, as it usually requires a complete reset of the device, wiping out all apps, settings, and saved files.

Avira helps you avoid this type of cyber attack with its high-end security app for Android. The primary security features include blocking identified malware, preventing infected apps from downloading, and identifying suspicious app requests. In addition, Avira lets you pinpoint your phone’s location on a map, increasing the physical security of your device as well as that of your private data on it.

In today’s modern Wild West, banditos would rather go online than to physically rob a bank – more money, less sweat. Jesse James even penned a 5-step Guide to describe the HummingBad tactics and their robbery MO. And while the specific steps from the bad guys may change with each new malware, you can be sure that the outlaws will remain on the prowl to attack your smartphone’s security – and Avira will be ready to stop it.

This post is also available in: GermanFrenchItalian

Avira, a company with over 100 million customers and more than 500 employees, is a worldwide leading supplier of self-developed security solutions for professional and private use. With more than 25 years of experience, the company is a pioneer in its field.