A new Trojan, dubbed Hummer, that's infecting Android phones, is yielding its creators more than US$500,000 (AU$667,000) per day, researchers at Cheetah Mobile Security Research Lab revealed in a blog post.
In a warning issued last week, researchers said that at its high point, Hummer infected about 1.4 million Android devices each day with 63,000 infections occurring daily in China. They said the trojan family, believed to be one of the largest ever, is connected in some way to “the underground industry chain in China”.
If Hummer's creators make 50 US cents each time the virus is installed on a smartphone app, they stand to easily make half a million US dollars. Once a phone is infected, Hummer roots it to gain admin privileges, making it difficult, if not impossible, for traditional anti-virus tools to get rid of it.
All members of the trojan family are embedded with a root module but the Hummer variant features up to 18 different root methods, the researchers said.
Starting in early 2016, the group behind the Hummer family began using 12 domain names, several of them linked to an email in mainland China, to update Hummer and issue promotion orders, the researchers said.
“The researchers believe that this trojan family originated from the underground internet industry chain in China, based on the trojan codes that have been uploaded to an open-source platform by a careless member of the criminal group behind the trojan family,” according to the blog, which noted that the number of phones being infected with Hummer is larger than with any other mobile phone trojan.
It also might be the most bothersome. “This trojan continually pops up ads on victims' phones, which is extremely annoying. It also pushes mobile phone games and silently installs porn applications in the background,” the blog post said. “Unwanted apps appear on these devices, and they're reinstalled shortly after users uninstall them.”
In a test conducted by Cheetah, “the trojan accessed the network over 10,000 times and downloaded over 200 APKs, consuming 2 GB of network traffic”, activity that the researchers said was “astonishing”.