1. Download our Official Android App: Forums for Android!
  2. Download the #1 Android News App:   EarlyBird - News for Android
    HummingBad malware affects 85 million Android devices
    A new malware called HummingBad is being warned against today. CheckPoint - a security research group - discovered the malware.

    After doing some digging into the group which apparently originates in China, it's said the malware can generate as much as $4 million per year in ad revenue. The malware supposedly currently affects over 85 million Android devices.
     
  1. AppleUser

    AppleUser Android Enthusiast
    Rank:
     #177
    Points:
    78
    Posts:
    587
    Joined:
    Oct 26, 2011

    Oct 26, 2011
    587
    50
    78
    How does one know when their phone is infected ? How to cure ?
     
  2. HoovaDevil

    HoovaDevil Lurker
    Rank:
    None
    Points:
    6
    Posts:
    1
    Joined:
    Jul 13, 2016

    Jul 13, 2016
    1
    2
    6
    I've recently found Shedun (aka Hummingbad, according to Lookout) on a brand of tablet sold on Ebay. These tablets are cheap and claim to have twice the RAM/storage than is actually installed which adds insult to injury.

    Running a detection tool such as Lookout should verify that a device is infected. You may also have noticed that apps are being installed (I saw 2 games appear on my home screen within a few minutes of connecting to Wifi).

    Running Lookout immediately flagged 'QuickSearch' as being part of the Shedun family however it failed to remove it. I thought it might be a simple matter of deleting it manually however the APK is only one piece of the puzzle.

    Attempting to root the device proved difficult but was eventually done using one of the PC/APK combos. However, deleting QuickSearch.apk was futile as it would cause multiple errors and always reappeared on boot.

    I decided to replace the installed OS with another that didn't spoof the RAM/storage sizes and perhaps would allow me to replace the affected packages. After downloading dozens of candidates I eventually found a system image (also infected) that I could root and ultimately remove the offending APK and replace other non-Google versions of packages using image editing tools.

    So, how to cure? It may be impossible or at least beyond the capabilities of most Android owners. I spent way too much time and effort searching for a solution to no avail and then decided to try anything that might. At the end of it I have a tablet that appears to be free of Shedun according to Lookout and AVG, but is it?

    Reading reports from various sources the Shedun family is system pervasive and for most that means that nothing can be done and installing an uninfected system image, if there is one available, seems to be the "easiest" option.

    As this malware has root access, downloading apps is not the limit of its capabilities. With this in mind I would avoid using any such device for financial transactions, internet banking, sensitive email accounts etc.

    As for the downloading of unwanted apps it may be possible to block this behaviour by disabling the 'unknown sources' option in the security settings. I can't confirm that this works as so far (fingers-crossed) this no longer occurs on my tablet. If it does work then at least you'll be depriving "them" of some ill-gotten gains.
     
    #3 HoovaDevil, Jul 13, 2016
    Last edited: Jul 13, 2016
    fearmenotgod and scary alien like this.
  3. fearmenotgod

    fearmenotgod Member
    Rank:
    None
    Points:
    28
    Posts:
    31
    Joined:
    Oct 3, 2015

    Ya dig!!!!! Good quick info HoovaDevil. Thanks for posting your efforts and I'd say mission accomplished, very tactical indeed as it seems various strategies must be brought out to get rid of the mal-ware .
     

Share This Page

Loading...