Skip to content ↓ | Skip to navigation ↓

The Android malware “Hummer” is now the number one mobile trojan in the world, finds researchers.

Threat analysts at Cheetah Mobile Security Research Lab reveal in a blog post the extent to which Hummer malware infections took off in 2016:

“During the first half of 2016, the Hummer trojan infected nearly 1.4 million devices daily at its peak. In China alone, there were up to 63,000 infections every day.”

The trojan infected an average number 1.19 million devices between January and June 2016, which is nearly double the number of every other known mobile malware.

hummer malware cheetah
Source: Cheetah Mobile

Based on Hummer’s rate of infection, the security firm estimates that the developers of the trojan family could make 500,000 USD daily simply by collecting $0.50 from each successful installation.

Cheetah Mobile’s analysis reveals the malware is connected to 12 domains that are all linked to an email account located in mainland China.

“The researchers [therefore] believe that this trojan family originated from the underground internet industry chain in China, based on the trojan codes that have been uploaded to an open-source platform by a careless member of the criminal group behind the trojan family.”

Even so, India, Indonesia, and Turkey have all seen higher infection totals than China. In India alone, Hummer-related malware nabbed second place, third place, and sixth place in a list of top 10 trojans.

hummer malware cheetah 2
Source: Cheetah Mobile

Upon successful infection of an Android device, each member of the trojan family uses one of 18 rooting methods to gain root privileges. The malware then leverages that access to push ads onto the device, as well as install unwanted games and pornographic applications onto the device.

A test conducted by Cheetah Mobile revealed that in just several hours, the malware had accessed the network over 10,000 times and downloaded over 200 APKs, which consumed 2 GB of network traffic.

As it acquires root privileges, Hummer is difficult to uninstall. Neither regular anti-virus tools nor even a factory reset will remove the malware.

Users who think they have been affected by Hummer should download Cheetah Mobile’s trojan Killer app on Google Play, or they should flash their devices.

To protect themselves against the trojan, users should never download apps from third-party markets. They should also be on the lookout for SMS spam, which if clicked can install malicious applications like MazarBOT.

To learn more about how Tripwire can help you stay secure, click here.