Yesterday, Cheetah Mobile Security Research Lab issued warnings about a brand new mobile phone trojan family called “Hummer.” According to the statistics, Hummer infected almost 1.4 million devices daily during the first half of this year. In China alone, there were up to 63,000 infections per day. The collected evidence shows that the Hummer trojan family has some similarities with the underground industry chain in China.
According to security experts, this trojan family is one of the largest ever, with millions of Android phones infected worldwide. By Cheetah Mobile’s estimate, if the developers of Hummer were able to make $0.50 (the average cost of getting a new installation) every time the virus installed an application on a smartphone, the hackers behind the trojan family would be able to make over $500,000 per day.
After a mobile phone is infected with the Hummer trojan, the trojan roots the device to obtain administrator privileges on the system. It then frequently pops up ads and silently installs unnecessary or unwanted applications in the background, which consumes a lot of network traffic.
Because the Hummer trojan gains the highest level of control over the phone system, ordinary anti-virus tools are not able to remove it thoroughly; even performing a factory reset on the device won’t get rid of it.
After analyzing the samples, the Cheetah Mobile experts discovered the domain names used to update the trojan. From the beginning of this year, the hackers behind the Hummer trojan family started using 12 domain names to update the trojan and issue promotion orders.
Through WHOIS history information, the experts discovered that several of the domains are linked to an e-mail account in mainland China. Based on trojan code uploaded to an open-source platform by a careless member of the criminal gang, security researchers think that the Hummer trojan family originated from the underground internet industry chain in China.
The data collected by Cheetah Mobile Security Research Lab between January and June 2016 shows that the average number of Hummer-infected phones is 1,190,000, which is larger than for any other mobile phone trojan.
Hummer is distributed throughout the world, though India, Indonesia, Turkey, and China have seen the largest number of infections. Because India has the most Hummer trojan infections, Cheetah Mobile Security Lab investigated further. Among the top 10 trojans affecting the most users in India, the second and third are members of the Hummer trojan family, and the sixth is a trojan that’s promoted by Hummer.
Members of the Hummer trojan family embed a root module, and the latest variant has as many as 18 different root methods.