A prolific piece of Trojan smartphone malware which installs malicious apps and games and continually pushes pop-up adverts onto victims' phones is making its creators as much as $500,000 per day.
Hummer was first discovered by the Cheetah Mobile Security Research Lab in 2014, but the malware initially lay dormant for many months. However, a blog post by the security researchers details how Hummer started infecting hundreds of thousands of phones in summer last year, before exploding into 2016.
Every time the Trojan installs a new application on the infected devices, it's thought the developers make $0.50. While that may sound like a small amount, the proliferation of Hummer means its creators make big bucks.
"If the virus developer were able to make $0.50 USD (the average cost of getting a new installation) every time the virus installed an application on a smartphone, the group behind this trojan family would be able to make over $500,000 USD daily," say researchers.
While the number of phones infected has declined, Hummer is still operating on over one million smartphones, thus making it the most widespread Trojan in the world.
When a mobile becomes infected by Hummer, the Trojan roots the device to obtain administrator privileges, which it uses to frequently display pop-up adverts and to automatically install unwanted apps, games, porn, and malware in the background. All of these actions consume large amounts of data, potentially putting the infected user at risk of large bills from their network provider.
Unfortunately for victims, the malware is extremely difficult to uninstall because it takes control of the phone at such a deep level. Hummer can't be uninstalled with traditional antivirus tools, nor can it be deleted through a factory reset. The fact that there are 18 separate software tools which allow Hummer to root a phone makes it particularly dangerous.
After analysing samples of the malware, security researchers discovered that Hummer spreads itself using a variety of domain names and infection points through third-party app stores where users are tricked into downloading malicious, fake versions of popular applications such as YouTube.