As many as 10 million Android smartphones have been hit by a malware attack that generates fake clicks for adverts , while also installing apps to spy on browsing habits.
The majority of the attacks have happened on Android handsets in China, and it’s believed scam is pulling in around £200,000 a month for its creators.
Hidden malware installation
Security companies have identified the malware as Hummingbad, also known as Shedun, a type of malware known as rootkit that inserts itself deep into a devices operating system to not only avoid detection but give its operators total control of the tech.
Which means the owner of the phone loses control of their own handset.
The operators of the malware then install fake versions of popular apps or spread programs the criminals have been paid to promote, and then click on ads to make them seem more popular than they actually are.
And this malware uses its root privileges to install additional apps to not only increase revenue for its creators, but also make sure it survives any attempts to remove it, even a factory reset.
So once installed, it all but impossible to get rid of.
The malware is affecting older versions of the Android operating systems – KitKat and JellyBean – and the fear is the program will evolve to affect the newer operating systems and controller will use access for purposes other than clicking on adverts.
Google said in a statement: “We’ve long been aware of this evolving family of malware and we’re constantly improving our systems that detect it. We actively block installations of infected apps to keep users and their information safe.”
Security updates for Android have closed more than 270 bugs this year alone, and Google has tackled more than 108 separate vulnerabilities in the operating system since it released the latest security update for Android this month.
Always make sure you regularly update your passwords and make them secure – here’s how…
Image ‘Virus’ by Miniyo73 on Flickr.