This mobile Trojan from China fills your phone with porn apps

"Hummer" has become the world's biggest mobile Trojan threat

Malware that secretly installs porn apps on your phone is infecting devices by the millions, becoming the world’s largest mobile Trojan.

The malware, called "Hummer," is a family of Trojans that imitate Android apps before striking, according to Cheetah Mobile, a maker of security and utility apps.

The company’s researchers have been tracking Hummer since 2014. It's been infecting more than 1 million devices per day, far outpacing other kinds of mobile Trojans, the company said in a post on Wednesday.

India, Indonesia, Turkey, China and Mexico are the top five countries where the Trojan has been spreading the most, but it's also hit victims in the U.S. and Europe.

Users are downloading Hummer Trojans thinking they’ll gain access to YouTube or other Google services. But in reality, Hummer secretly “roots” the user’s device, gaining admin-level access to the operating system.

It then installs any number of unwanted apps, including games and apps related to porn. In addition, the Trojan serves countless pop-up ads to the screen. In Cheetah Mobile’s own testing, Hummer could force the device to download 2GB worth of network data within hours.

Even users who try to uninstall the apps will find them reinstalled again, the company added.

The developers of Hummer are probably making money by serving ads and forcing the app installations. That could be enough to generate about US$500,000 a day, Cheetah estimated.

China might be the source of the Trojan family. The group behind the malware has been using domain names that are linked to an email account in that country.

Hummer is difficult to delete, and even a factory reset won’t eliminate it, Cheetah Mobile said. Cheetah says it has an app that can remove the malware.

Users have a better chance of avoiding Android Trojans if they don't download apps from untrusted sources. This is more difficult in some places, such as China, where there is no access to Google Play. Users there download apps from third-party app stores, exposing them to possible malware.

Kaspersky Lab has also said it has detected Hummer, but it calls the malware "Trojan.AndroidOS.Iop."

Join the CSO newsletter!

Error: Please check your email address.

More about GoogleKaspersky

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Michael Kan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place