Security Threat for Old Android Phones: Auto Rooting Apps Malware Detected

Old android phones have suddenly encountered a security threat in the form of malware that has affected more than 10 million phones till now out of which almost 286,000 handsets are from US, as per the numbers revealed by security experts. The major share of infected phones still belongs to China.


This malware family is labeled as “HummingBad” by the researchers from Checkpoint, the renowned security firm. However, according to the mobile security experts, HummingBad is the same malware Shedun that was known in last November. The malware that is speedily infecting phones with older version of Android is auto-rooting virulent malware and have been installing 50,000 or more fraudulent apps on daily basis, which may display around 20 million malicious advertisements capable of generating the revenue of more than $300,000 every month.

It is penetrating quite fast in the countries like China, United States and Philippines due to the rootkit that inserts deep into the operating system of the handset. The promoters of this malware will have full control of the handset once it settles there as it is not possible to detect it after it becomes the part of mobile operating system. This rootkit exploits the loopholes present in the older Android versions like KitKat and JellyBean. The vulnerabilities of one of the most common operating systems has raised a major concern amongst the experts. The main trouble is that it stays there even when the phone is formatted. Hence, it is there to stay.

Once, the phone is infected it is controlled remotely by the expert controllers who would use it to click on ads that pop up suddenly in the middle of the operation. This will make the ads look popular as large number of fake clicks are generated, which would be the source of income for the makers and promoters of this malware. The auto clicks controlled by remote application would also install the bogus apps that are actually designed as the version of popular apps on Android. This one malware is capable of offering the complete control of your phone into the hands of its makers and would also earn substantial sum for them to develop it further. The promoters of fake ads and apps are paying to this gang as they get instant popularity without luring the customers by any other means. It serves as the shortcut to success for both the parties.

These wrongly installed apps will remain in the phone after factory reset and would not even allow the user to uninstall the same. The scope of using this malware for malicious activities is quite high and if it would keep on earning money at the same rate then soon its makers will start using it to hack the phone for all wrong reasons and use the data for many fraudulent transactions.

Google’s Take on This Rising Security Threat

This threat is very much known to Google and they have been strongly looking into the matter. The company has released a statement stating that they have known about this evolving malware since long and have been working on the improvements in their system since then. The system has been made capable of detecting such threats and stopping it before any damage is caused to the phone, user or the data.

Android Marshmallow

New version of Android that is called Marshmallow detects this malware, blocks any installation of malicious apps and ensures the safety of user data. The expert team of Google is on its toes to tackle the vulnerabilities in the operating system. The latest security update states that about 108 vulnerabilities are detected and corrected by Google. The technology giant has fixed about 270 bugs in Android this year and still counting! The older Android versions are very much vulnerable to HummingBad but the phones that are not yet infected can opt for upgrading to latest Android version by updating the software and operating system online.

Checkpoint Analysis Against Lookout Analysis

While the security experts globally are investing their expertise in understanding this malware and ways to rectify the issue, the security firms are also debating about the infrastructure it is using for this destruction and what it should be called? The representative from Checkpoint has stated clearly in the blog post that HummingBad is not Shedun as stated by Lookout. The post is also supported by Eleven Paths security firm. It has been mentioned that the infrastructure used by HummingBad has only few things in common with Shedun. The representative of Lookout standing by their analysis have further added that the company will come up with detailed analysis proving their point in coming days.

Checkpoint has been studying this issue since five months now and have concluded that there are indications that Chinese advertising company is behind HummingBad. It infiltrates the command and takes the full control of the phone. The unusually tight control it gains over the handset allows it to create windfall profits that increase exponentially thereof. It also sends fake numbers to Google Play Store and brings fake popularity to the bogus apps and advertisements.

Till now this much talked about malware HummingBad is engaged in suspicious activities related to fake pop-up ads, click frauds, Google Play tempering, additional apps installation but there are no major frauds listed till now. It is not yet using the passwords and security keys of the phone as there is sandbox security mechanism present in Android that protects all crucial data. The system applications have the permission to access the crucial data but this malware is believed to be still struggling in cracking this security wall but the experts believe that soon this gang would work in evolving the malware further and make it a major security threat.

Currently HummingBad is gaining popularity in news but soon Google will find ways to tackle this security risk efficiently so that their phones remain as safe as ever. Security firms and experts are doing their job too in order to protect the mobile users across the globe.

Leave a Reply

Your email address will not be published. Required fields are marked *


  1. Prathik Avatar

    Very informative thank you for the post

  2. Surya Kumar Avatar
    Surya Kumar

    Being unable to get phones upgraded and patched in a timely manner (at all) is the single largest problem with the Android ecosystem. Since the OEMs ultimately sign off on their own custom spins of Android, don’t these security flaws constitute defects in their product which they should be held liable for under their warranties?

    1. Atul Avatar

      Right Surya Kumar, As the ecosystem is open and allowed to custom spin, such devices are liable under their warranties, but mobile phone manufacturer’s add their custom rules and regulations to stay away from such costs. Since it is open source we can not do much here, just wait for the patch to fix such issues. Thanks for the feedback it is really important point which should be discussed on large scale.

  3. Rahul Sharma Avatar
    Rahul Sharma

    Once my phone is infected with “HummingBad” what should I do to save my mobile??

    1. Atul Avatar

      Hi Rahul, just wait for the patch or updates in Android, do not tend to install any antivirus as it does nothing.