Uncomplicated IT Logo

IMPACTFUL VIRUSES IN HISTORY: HUMMINGBAD

Megan Poljacik • December 19, 2024

Imagine a virus infecting over 85 million Android phones without anyone catching on. Believe it or not, this really happened in 2016! How could a virus be so easily distributed without human intervention?

 

The HummingBad virus was a persistence rootkit, which is a very smart and nasty virus. It is difficult to find and even more difficult to remove. They embed themselves within the system without the users knowledge and they are designed to hide themselves and their activities, even from security software. A rootkit will take over an infected system on its own, or if it cannot gain root access, it will push a fake update prompt, tricking the user into installing. Once the malware has control of the device, it begins downloading and installing apps, and the lucrative business of conning users begins. The HummingBad virus was designed to click on the ads within the apps to generate advertising revenue. This inflated ad click and view counts, allowing the attackers to earn more revenue without actual user engagement. The malware also promoted and installed additional malicious


The HummingBad virus was named as such because hummingbirds are known for their speed and agility, and they suck the nectar out of flowers. The analogy is that the virus does the same, acting swiflty and extracting bits of information and money from each device as it goes.


apps on infected devices. In some instances, HummingBad would push fake system notifications or pop-ups claiming that the device needed a security update. When users clicked on the notifications, it would redirect them to download and install other infected apps. This generated revenue through app installations and allowed hackers to exploit them.


While the primary focus was on generating revenue through ad fraud, HummingBad could also harvest sensitive information from infected devices. This included personal data, such as contacts, login credentials, and financial information, which could be used for identity theft or sold on the black market.  



Another interesting tactic for financial gain was HummingBads use of botnets. Being installed on millions of devices, HummingBad had the opportunity create a network of compromised devices controlled by attackers, known as a botnet. These botnets could be leased to carry out various malicious activities, such as conducting distributed denial-of-service (DDoS) attacks or sending spam emails, in exchange for money.


HummingBad was able to infect a large number of devices by using several techniques. The hackers primarily targeted users in China and Southeast Asia, where alternative app stores and third-party app markets are popular due to certain regional restrictions. These alternative app stores are often full of counterfeit software and absolutely not vetted for viruses. Another method was through “driveby downloads.” This is when a hacker finds vulnerabilities within a known safe website and then imbeds malicious code. When the site is visited, the malware installs itself without the users knowledge. The same technique can be used with ads within websites – known as malvertizing. A user will click on an ad that is infected and that will redirect them to websites hosting HummingBad or trigger an automatic download.


HummingBad infected millions of Android devices worldwide, making it one of the largest cellphone malware attacks ever seen. The grand scale shows the extent to which hackers can exploit vulnerabilities if we are not careful. One way to prevent this from happening to you is to ensure you are using trusted app stores such as Google Play and Apple App Store. Both google and Apple have stringent security measures to ensure the software they promote is safe for their users. When installing apps be sure to pay attention to the permissions requested. Consider it a red flag if they ask for location information or contacts. It is important to be vigilant in the modern age.


Uncomplicate IT News Blog

WOMEN IN TECH: MARGARET HAMILTON

By Megan Poljacik December 19, 2024
Picture this: You're witnessing the culmination of years of hard work as the first humans are about to land on the moon's surface. Suddenly, the moment is shattered by blaring alarms. This exact scenario unfolded during Apollo 11's momentous moon landing. Luckily, Margaret Hamilton and her accomplished team of NASA engineers had meticulously readied themselves for any imaginable situation. Margaret Hamilton is best known for her work on the Apollo moon missions. In the 1960s, she was the lead software engineer for the Apollo Guidance Computer, which was the specialized computer that was responsible for guiding the Apollo spacecraft to the moon. Her job was to make sure the system was reliable, efficient, and could handle the complex calculations needed for space travel. During the Apollo 11 mission, Margaret Hamilton's team faced a critical situation where the computer system on the lunar module experienced an overload during the landing. This overload was caused by an unexpected increase in processing demands as the computer tried to do numerous tasks at the same time.

FIGHTING HACKERS... WITH LAVA LAMPS?

By Megan Poljacik December 19, 2024
In the headquarters of Cloudfare, a California based tech company, there is a most wonderous wall of mystery. Towering over the entrance, lies wall of around 100 brightly colored lava lamps. While they may be enticing to the eye, these lava lamps actually have a very important job in the security department. Cloudflare provides content delivery network services and DDoS mitigation, and they are known for using lava lamps in their offices as part of its encryption process. The concept is based on a method called "entropy source," which helps generate truly random numbers for encryption keys. Entropy sources are used in cryptography to generate randomness for various security-related processes, such as encryption key generation and secure communication protocols. Entropy, in this context, refers to the unpredictability and randomness of data, which is crucial for ensuring security and preventing cryptographic attacks.

ATTACK OF THE KILLER TOOTHBRUSH?

By Megan Poljacik December 19, 2024
Earlier this month a peculiar story began circling the internet: a Denial of Service attack was being implemented at the hands of millions of Smart Toothbrushes. This turned out to be false information, but could it actually happen? During a Distributed Denial of Service (DDoS) attack, a large number of compromised or infected devices, often referred to as bots or zombies, are used to flood a targeted website, server, or network with an overwhelming amount of traffic. This flood of traffic is intended to interrupt the target's normal operation, making it inaccessible to legitimate users. The threat actor can use literally any device with an internet connection – so yes, a smart toothbrush could contribute to taking down the internet! These attacks can take years of effort on the hackers part before they come to fruition. The hacker gains control of hundreds if not thousands of devices over time. They connect them to create a botnet, and use specialized software or scripts to instruct the botnet to send a large volume of fake traffic to the target. This surge in traffic can overpower the target's bandwidth, server capacity, or other resources, causing it to be
More Posts
Share by: