Threat of Mobile Malware Rises as Hummingbad Attacks on Android Devices Grow Dramatically


Check Point threat index for February 2016 sees mobile malware become one of the ten most prevalent families attacking ANZ corporate networks and devices for the first time

Check Point Software Technologies has revealed the most common malware families being used to attack organisations’ networks and mobile devices in Australia and New Zealand during February 2016.

Check Point identified more than 1,400 different malware families globally during February. For the second month running, the Conficker, Sality, and Dorkbot families were the three most commonly used malware variants, collectively accounting for 39% of all attacks globally in February. However, Conficker and Sality did not make the top 10 list in New Zealand, and ranked only seventh and eighth in Australia.

By contrast, Australia and New Zealand accounted for over 20 per cent of the global Torpig botnet detections in February.

Check Point’s research also revealed the most prevalent mobile malware during February 2016, and once again attacks against Android devices were significantly more common than iOS. The top three mobile malware families were:

Hummingbad – Android malware that establishes a persistent rootkit on the device, installs fraudulent applications, and enables additional malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises.

AndroRAT – Malware that is able to pack itself with a legitimate mobile application and install without the user’s knowledge, allowing a hacker full remote control of an Android device.

Xinyin – Observed as a Trojan-Clicker that performs Click Fraud on Chinese ad sites.

For the first time, malware targeting mobiles was one of the top 10 most prevalent attack types, with the previously-unknown HummingBad <http://blog.checkpoint.com/2016/02/04/hummingbad-a-persistent-mobile-chain-attack/> agent being the seventh most common malware detected targeting corporate networks and devices. Discovered by Check Point researchers, Hummingbad targets Android devices, establishing a persistent rootkit, installing fraudulent apps and enabling malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises, with the aim of intercepting corporate data.

Nathan Shuchami, Head of Threat Prevention at Check Point said:  “The rapid rise in attacks using Hummingbad highlights the real and present danger posed to business networks by unsecured mobile devices and the malware that targets them.  Organisations must start to protect their mobile devices with the same robust security as traditional PCs and networks as a matter of urgency. With the range of attack vectors open to hackers, adopting a holistic approach to security that includes mobile devices is critical in protecting both corporate networks and sensitive business data.”

Australia and New Zealand Malware Concerns
Indeed, malware has recently affected the mobile apps of Australia’s big four banks, and although Android will continue to be a security concern, it is anticipated that consumers will experience more attacks on iOS because iPhones and iPads continue to gain popularity globally, making them prime, high-value targets for cybercriminals.

David De Laine, Regional Managing Director, ANZ, Check Point, said, “It really is only a matter of time before cybercriminals climb over the App Store’s walled garden with APTs that utilise exploit packs to achieve privilege escalations, gaining full control over the attacked device.

“Android malware will also become even more evasive. We’ll start seeing stenographic methods being used in the wild, like decoding executable payloads from strings hidden in image files.  Stealth methods like this (in combination with obfuscation capabilities of off-the-shelf packers and custom encryption) will get much more complicated in 2016 as detection methods get smarter and become more accurate.

“On top of these risks, we’ll experience a trend of cybercriminals using advanced techniques to not only take over and control individual devices but groups of multiple devices. Controlling one device is fun, but controlling an army of devices is a real money-maker. Botnets are getting bigger and more well-orchestrated, giving hackers a range of malicious capabilities from massive spamming schemes and heavy DDOS attacks to cryptocurrency mining.”

Last month, the Check Point research pinpointed Australia as number 82 and New Zealand as 62 on the list of 117 most risky countries in the world. Check Point’s threat index is based on threat intelligence drawn from its ThreatCloud World Cyber Threat Map, which tracks how and where cyberattacks are taking place worldwide in real time. The Threat Map is powered by Check Point’s ThreatCloud™ intelligence, the largest collaborative network to fight cybercrime, which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analysed for bot discovery, over 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.

Below are the top three most commonly used malware variants and their definitions:

Conficker – Machines infected by Conficker are controlled by a botnet. It also disables security services, leaving computers even more vulnerable to other infections.

Sality – Virus that allows remote operations and downloads of additional malware to infected systems by its operator. Its main goal is to persist in a system and provide means for remote control and installing further malware.

Dorkbot – IRC-based Worm designed to allow remote code execution by its operator, as well as download additional malware to the infected system, with the primary motivation being to steal sensitive information and launch denial-of-service attacks.

Check Point’s Threat Prevention Resources are available at:  http://www.checkpoint.com/threat-prevention-resources/index.html

About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. is the largest pure-play security vendor globally, provides industry-leading solutions, and protects customers from cyberattacks with an unmatched catch rate of malware and other types of attacks. Check Point offers a complete security architecture defending enterprises’ networks to mobile devices, in addition to the most comprehensive and intuitive security management. Check Point protects over 100,000 organizations of all sizes. At Check Point, we secure the future.
