pixel_dreams - Fotolia

China-based Android Trojan netting $500,000 a day

Security researchers say fast-spreading Hummer Android malware could be netting cyber criminals around $500,000 a day for installing porn and other apps on mobile phones

Trojan malware targeting Android mobile phones could be netting cyber criminals more than $500,000 a day, say security researchers.

The estimate is based on the fact that the Trojan, dubbed Hummer, appears to be infecting around one million mobile phones a day and market average payment is $0.50 per infection.

Cyber criminals are increasingly turning their attention to mobile devices. This is reflected by the fact that mobile ransomware has quadrupled in the past year, according to security firm Kaspersky Lab.

At its peak in March 2016, the Hummer Trojan was infecting 1.4 million devices a day, but the infection rate has since eased back, according to the Cheetah Mobile Security Research Lab.

According to the researchers, evidence suggests that Hummer is linked to the “underground industry chain” in China. It has infected users in around 25 countries and continues to spread rapidly.

Researchers have uncovered 12 domain names used to update Hummer and found that several of the domains are linked to an email account in mainland China. Code analysis has also revealed similarities to other Chinese malware. 

So far, the most-affected countries include India, Indonesia, Turkey and China, but significant infections have been detected in the US and Europe, including Germany, Spain and Italy.

Hummer works by rooting the infected device to obtain administrator privileges of the system and then install unnecessary or unwanted applications and even malware in the background, with the latest variant having as many as 18 different root methods.

Read more about mobile malware

“This Trojan continually pops up ads on victims’ phones, which is extremely annoying. It also pushes mobile phone games and silently installs porn applications in the background. Unwanted apps appear on these devices, and they’re reinstalled shortly after users uninstall them,” the researchers said in a blog post.

Because the Hummer Trojan can gain the highest control over the phone system, standard antivirus tools are not able to get rid of the malware.

According to researchers, even performing a factory reset on the device will not completely remove the malware.

However, Cheetah Mobile has updated its antivirus product to block Hummer and has released an app through Google Play for those already infected.

The researchers said the malware can also be eliminated by “flashing” the mobile phone or overwriting the device’s firmware.

Read more on Hackers and cybercrime prevention