SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
5 Jul 2016

A Chinese ad firm is using malware to get more clicks

Advertising agencies go to great lengths to spread their clients’ messages. Now, researchers have uncovered a new approach: malware.

This month, cybersecurity company Check Point reports that a Chinese group called Yingmob has distributed mobile device malware on a massive scale, apparently alongside a legitimate advertising analytics business.

Listed as based in Beijing's Chaoyang District, Yingmob, a subsidiary of MIG Unmobi Technology Inc., markets itself like any other advertising firm. Its professional-looking website claims its easy-to-deploy ads support text, pictures, and video, and don't affect the user experience. It offers pop-up, sidebar, and in-app adverts. But Check Point's report claims that part of the company—the “Development Team for Overseas Platform,” which employs a staff of 25 people—is responsible for malware it has dubbed “HummingBad.”

This malware allows the injection of adverts into victims' devices. Whenever someone clicks on one of these adverts, Yingmob gets paid, just like a typical advertising campaign. The first infection method Check Point came across was a “drive-by-download,” whereby Yingmob’s malware targets a victim when they visit a malicious website, then proceeds to download malicious apps onto their device. In its analysis, Check Point writes that nearly 10 million people are using malicious Android apps made by Yingmob.

Using its privileged access to infected devices, the company also installs apps on behalf of others, raking in more revenue. In all, the researchers estimate that Yingmob is making $300,000 a month from its campaign.

According to Check Point’s estimates, which are based on an analysis of the HummingBad code and Yingmob's account on a tracking and analytics service, the company's Android apps display more than 20 million advertisements and get 2.5 million clicks per day. Meanwhile, the HummingBad malware installs more than 50,000 fraudulent apps in the same timeframe. Check Point adds that the majority of HummingBad's victims are in China and India, though there are hundreds of thousands of infections in Turkey, the US, Mexico, and Russia too.

But this report just looks at the Android side—Yingmob has also been linked to malware on iOS. In October 2015, researchers from Palo Alto Networks identified “YiSpecter,” a piece of iOS malware that primarily targeted users in China and Taiwan, and which had already been in the wild for at least 10 months. The main link between these two pieces of malware is that they share the same command and control server addresses—the servers that hackers use to communicate with their infected devices. This suggests that Yingmob is behind both.

Internet records show the same email address used to register Yingmob.com is behind a slew of other domains, such as one for an apparent mobile advertising platform called 1Mob; another site selling analytics services; and a third for “mobile marketing services,” which promises “ultra-high returns.” Although Yingmob publicly lists itself as being based in Beijing, Check Point writes that the malware division is located in Chongqing. Neither Yingmob nor the registrant behind the other connected sites responded to a request for comment.

Tags:
China fraud information leaks
Source:
Motherboard