Security researchers at Cheetah Mobile Security Research Lab believe they could have discovered one of the largest trojan families of all time, affecting millions of Android devices around the world when it was in full swing.
The mobile phone trojan family, known as "Hummer," gained traction in early 2016 when it was infecting "nearly 1.4 million devices daily at its peak," according to Cheetah Mobile. Hummer is thought to have originated in China, in connection with the underground industry there, based on an email address linked to the domains used, and it saw 63,000 daily infections in China alone.
If the numbers are accurate, the Hummer trojan family could be one of the biggest ever. While the total number of new infections is dropping off, the average number of infected devices is 1,190,000—a larger number than any other mobile phone trojan. That's bad news for Android users, but it means big bucks for the bad guys.
According to Cheetah Mobile's blog post: "if the virus developer were able to make $0.50 (the average cost of getting a new installation) every time the virus installed an application on a smartphone, the group behind this trojan family would be able to make over $500,000 daily."
So, what exactly does the Hummer trojan do? For starters, it will root the phone (basically unlocking the OS) to gain admin privileges. This leads to frequent pop-up ads and background installation of unwanted apps, games, pornographic applications, and malware. Even if a user uninstalls these apps, the trojan will reinstall them.
Perhaps the most astonishing information came from Cheetah Mobile's test of the Hummer trojan. "In several hours, the trojan accessed the network over 10,000 times and downloaded over 200 APKs, consuming 2 GB of network traffic." If your carrier throttles your data, you should hope and pray that you don't have this trojan.
The top five most-affected countries, by number of infections, were as follows:
- India - 154,248
- Indonesia - 92,889
- Turkey - 63,906
- China - 63,285
- Mexico - 59,192
The latest evidence suggests that the Hummer family has upwards of 18 different root methods. Because of the kind of control it can gain over a device, normal anti-virus tools won't clear it out. Even worse, performing a factory reset on the device won't get rid of it either.
So, how can you get rid of it? Cheetah Mobile claims its trojan Killer app will remove Hummer, or users can flash their device to get rid of it as well.
The 3 big takeaways for TechRepublic readers
- The mobile trojan family Hummer could be one of the largest ever, with the number of infected devices hitting 1.2 million.
- Hummer roots an Android device to gain admin control and installs unwanted apps, games, porn apps, and malware. In a few hours, it accessed the network more than 10,000 times and used 2GB of network data.
- Hummer cannot be removed even by factory resetting a device. Cheetah Mobile's Killer app supposedly will remove the trojan, or users can flash their phone to remove it.
Conner Forrest has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.