SNPS1368137272 ee solutions semiwiki ad 800x100 px
WP_Term Object
    [term_id] => 97
    [name] => Security
    [slug] => security
    [term_group] => 0
    [term_taxonomy_id] => 97
    [taxonomy] => category
    [description] => 
    [parent] => 0
    [count] => 291
    [filter] => raw
    [cat_ID] => 97
    [category_count] => 291
    [category_description] => 
    [cat_name] => Security
    [category_nicename] => security
    [category_parent] => 0

Android Auto-Rooting Malware – You Can Run But You Can’t Hide

Android Auto-Rooting Malware – You Can Run But You Can’t Hide
by Bernard Murphy on 07-14-2016 at 7:00 am

There has been a startling rise in a class of Android auto-rooting malware which is believed to affect over a  quarter of a million phones in the US and well over a million in each of India and China. The attack has primarily infected older versions of Android (so far) – KitKat, JellyBean and Lolipop primarily.

The malware, known as Shedun or HummingBad, is believed to be produced by Chinese mobile ad-server company Yingmob and primarily installs fraudulent apps and serves malicious ads. Yingmob today generates healthy revenue purely from these services but having root access to millions of Android devices obviously allows them to expand into even more malicious services in support of cyber-criminals, state actors and others.

The malware seems to start, at least in some cases, through drive-by download. You visit a website (porn websites are apparently notorious for this) from which the software installs without you having to accept any download. Once downloaded, the exploit gains root access to the host phone and installs itself as system software.

The exploit is quite sophisticated in its installation and is nearly impossible to remove. Among other things it updates recovery information so that even if you do a recovery on the phone, it will be recovered along with other software. It seems that the only cures to removing this exploit are to either reflash the ROM or buy a new phone. Users are advised to live a virtuous life (stay away from porn sites) and to bar all downloads from outside Google Play; that action alone apparently reduces success rates in general for Android malware.

You can read more HERE.

More articles by Bernard…

Share this post via:


There are no comments yet.

You must register or log in to view/post comments.