Android malware with device rooting capabilities has been hitting Google Play for a while now, but for users of third-party app stores the situation is even more dangerous.
The Hummer malware family
Hummer, an Android Trojan family that dates back to 2014, has managed to infect as many as 1.4 million devices daily in the first half of 2016, Cheetah Mobile researchers have found.
Like the recently spotted fake LevelDropper app in Google Play, various legitimate-looking apps carrying Hummer root the device (the latest variant has as many as 18 different root methods), and then install unwanted applications and make ads pop up.
Indian users are the hardest hit, followed by Indonesian and Turkish users. But by now, the Trojan has spread all over the world.
Who’s behind Hummer malware?
An analysis of the malware’s code and the domain names used to update the trojan and send instructions led the researchers to believe that it originated in China.
“According to data collected by Cheetah Mobile Security Research Lab, between January and June 2016, the average number of Hummer-infected phones is 1,190,000, which is larger than any other mobile phone trojan,” the researchers noted.
The researchers estimate that the developer(s) of the malware could make as much as half a million dollars per day, as $0.50 is the average payout for pushing a new app installation onto unsuspecting users.
Unfortunately, getting rid of the malware for good is not easy. Performing a factory reset won’t do it – victims will have to flash their device. Alternatively, Cheetah Mobile’s Stubborn Trojan Killer app can apparently boot the malware from the device. I’m guessing the unwanted apps the Trojan installed have to be removed manually.