Summer 2017’s Most Common Android Malware

Android malware is no joke. Its prevalence has exploded ever since the HTC Dream, the first commercial Android phone, launched in 2008. G Data Security identified 1,192,035 new Android malware samples in 2013, and 3,246,284 new Android malware samples in 2016. That’s about 2.7 times as many samples in 2016 as they had three years before. They expect 3,500,000 new Android malware samples by the time 2017 is over.

Clearly, endpoint security for Android devices is vital, and all of them should be running updated antivirus (AV) software, whether for personal or enterprise use. But we know that devices aren’t always as up to date as they should be, and that has historically been a problem with Android devices in particular.

On July 17, Check Point Software released a rather interesting report. Its focus was “malvertising campaigns,” but what really caught my attention was the three common Android malware families that they refer to as their top three “most wanted” mobile malware. I decided to take a closer look at them.


Hummingbad is the big one. According to Check Point, it accounts for over 72% of all mobile infections. Check Point first discovered it in February 2016. It often appears on devices via a drive-by download attack. Check Point identified payloads on adult content sites, but other types of webpages and Internet resources are delivering payloads as well. One component tries to acquire root privileges on its own. Failing that, a second component tries to acquire root with a fake system update notification.

Whether or not its privilege escalation attack is successful, Hummingbad and its variants will try to download as many malicious apps as possible to a user’s device. One malicious component known as SSP installs malicious apps and displays illegitimate ads. Device booting, connectivity changes, and turning the screen ...

This is a Security Bloggers Network syndicated blog post authored by Kim Crawley. Read the original post at: Cylance Blog