Android trojan creators rake in $650,000 per day

By on
Android trojan creators rake in $650,000 per day

A new Trojan, dubbed Hummer, that's infecting Android phones, is yielding its creators more than US$500,000 (AU$667,000) per day, researchers at Cheetah Mobile Security Research Lab revealed in a blog post.

In a warning issued last week, researchers said that at its high point, Hummer infected about 1.4 million Android devices each day with 63,000 infections occurring daily in China. They said the trojan family, believed to be one of the largest ever, is connected in some way to “the underground industry chain in China”.

If Hummer's creators make 50 US cents each time the virus is installed on a smartphone app, they stand to easily make half a million US dollars. Once a phone is infected, Hummer roots it to gain admin privileges, making it difficult, if not impossible, for traditional anti-virus tools to get rid of it.

All members of the trojan family are embedded with a root module but the Hummer variant features up to 18 different root methods, the researchers said.

Starting in early 2016, the group behind the Hummer family began using 12 domain names, several of them linked to an email in mainland China, to update Hummer and issue promotion orders, the researchers said.

“The researchers believe that this trojan family originated from the underground internet industry chain in China, based on the trojan codes that have been uploaded to an open-source platform by a careless member of the criminal group behind the trojan family,” according to the blog, which noted that the number of phones being infected with Hummer is larger than with any other mobile phone trojan.

It also might be the most bothersome. “This trojan continually pops up ads on victims' phones, which is extremely annoying. It also pushes mobile phone games and silently installs porn applications in the background,” the blog post said. “Unwanted apps appear on these devices, and they're reinstalled shortly after users uninstall them.”

In a test conducted by Cheetah, “the trojan accessed the network over 10,000 times and downloaded over 200 APKs, consuming 2 GB of network traffic”, activity that the researchers said was “astonishing”.

This article originally appeared at

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register


Will Coronavirus impact the channel?
Yes - By making it harder to order hardware
Yes - Cancelled conferences and business trips will be widespread
Not directly - It will slow the economy and that may have an impact
No - We can't see any impact
Not negatively - It's already created demand for things like remote access
View poll archive

Log In

Username / Email:
  |  Forgot your password?