So, how does the malware work?
Then, Hummingbad checks to see if the devices user account is rooted.
Using rootkit, the malware can take over an Android gear by getting root access.
Yingmobs Development Team for Overseas Platform is said to be the group responsible for the malware.
The group also sells access to phones and gives away information stored on them.
In the U.S., that number is 288,800 units.
HummingBad uses a sophisticated, multi-stage attack chain with two main components.
The first component attempts to gain root access on a unit with a rootkit that exploits multiple vulnerabilities.
If successful, attackers gain full access to a unit.
Irrespective of whether rooting is successful, HummingBad downloads as many fraudulent apps to the machine as possible.
In some cases, the malicious components are dynamically downloaded onto a gadget after the infected app is installed.
From the time, the malware was discovered in February, Check Point has been monitoring the malware.
So, in such a scenario, how do you protect yourself?
source: www.techworm.net
