Mostly AD Malware Campaigns Are Running For Fraudulent Revenue Generation From China
According to study, Yingmob runs Chinese advertising analytics company, it uses HummingBad to control 10 million devices globally and generate $300,000 per month in fraudulent ad revenue.
"HummingBad is a malware discovered by Check Point in February 2016 that establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps," Check Point explained in a blog post.
"Yingmob runs alongside a legitimate Chinese advertising analytics company, sharing its resources and technology. The group is highly organised with 25 employees that staff four separate groups responsible for developing HummingBad's malicious components."
- Yispecter uses Yingmob’s enterprise certificates to install itself on devices
- HummingBad and Yispecter share C&C server addresses
- HummingBad repositories contain QVOD documentation, an iOS porn player targeted by Yispecter
- Both install fraudulent apps to gain revenue
Over 50,000 fraudulent apps to gain revenue per day to increase revenue for the fraudster and making around $3.6 Million per year from its campaign.
List of Criteria for App Providers in China:
- App providers must verify users' identities by requiring their mobile numbers or other information.
- Providers should protect their users' information and cannot use the information without their consent.
- Providers should improve censorship and punish anyone releasing illegal information through warnings, shutting down accounts or suspension of service.
- Providers are forbidden from collecting user's location data and reading their contacts stealthily.
- Providers are also banned from pirating their rivals' products.
- Providers must record user logs and keep the information for at least 60 days.
Image Source: ThinkStock