HummingBad malware that generates fake clicks for adverts found on 10 million Android phones

Malware

Up to 10 million Android smartphones could have been infected by a malware called HummingBad that spies on the browsing habits of smartphone users and generates fake clicks for adverts according to a new report from security companies Checkpoint and Lookout.

The malware installs itself deep inside a phone’s operating system to avoid detection and gives its creators complete control over the handset, according to the security companies.

It can then installs apps on a user’s device and spy on their browsing habits, as well as generating fake clicks for online adverts. By doing this, the malware is reportedly making around $300,000 (£232,000) a month for its creators.

Checkpoint said in a blog post that it had obtained access to the command-and-control servers that oversee infected phones and this revealed that HummingBad has now managed to infect around 10 million devices.

The sudden spike in phones infected by the malware is a result of its creators adding more functions to the malware or finding new ways to distribute it, Lookout wrote in a blog post. Worryingly, the security company also said that even after a factory reset, the malware "can remain persistent."

The majority of phone that have been infected by the malicious software are located in China, India, Indonesia and the Philippines.

Get The Drum Newsletter

Build your marketing knowledge by choosing from daily news bulletins or a weekly special.