back to article Honey, why are porno apps on your Android?! Er, um, malware did it!

Security researchers are warning about the continuing spread of Hummer, a powerful trojan that roots handsets, downloads pornographic applications, and displays pop-up ads at random intervals. Hummer first came up on the logs of Cheetah Mobile's security team in August 2014, but spent eight months in obscurity before starting …

  1. Dadmin

    The infection point is thought to be third-world app stores.

    FIFY

  2. a_yank_lurker Silver badge

    Be Wary

    "The infection point is thought to be third-party app stores. While Google has largely cleaned malware out of its official Play store, secondary markets are less careful about checking code and Hummer can be disguised as a legitimate-looking app." - The problem with any third party app store, not just Android, is how aggresseve are the owners/admins about removing malware and crapware and generally policing the site. This can occur with any OS when one is uses unofficial sources for applications.

    1. asdf

      Re: Be Wary

      >The problem with any third party app store, not just Android, is how aggresseve are the owners/admins about removing malware and crapware

      Unless you take F-Droid's tact and require all apps to be open source. That way the users can look too and flag anything untoward. Though admittedly requiring open source will generally stop baddies from even trying and probably the biggest deterrent is it being a repo used by far less than 1% of users who tend to be some of the most security conscious and technical so very high hanging fruit.

      1. s2bu

        Re: Be Wary

        Oh yes, because every F-Droid user checks every line of source code to every app they install...

        1. asdf

          Re: Be Wary

          Ok drop a link to any malware found on F-Droid ever. Results speak louder than words. At least being able to audit at the source code level is an option with F-Droid. All it takes is small handful of people that know what they are doing as opposed to every user.

      2. Crazy Operations Guy

        Re: Be Wary

        Just making something Open Source isn't the end-all and be-all of security. Several people well-versed in secure programming have to look at it before it could be considered even remotely clean. OpenSSL taught us all that lesson the hard way...

        1. no-one in particular

          Re: Be Wary

          > OpenSSL taught us all that lesson the hard way...

          So you are saying that a bug that compromises security is on as par with malware that contains multiple ways to deliberately attack your device and works hard to prevent you from removing it?

          1. d3rrial

            Re: Be Wary

            Do you know the Underhanded C contest?

            You don't have to write a malicous app to be obviously malicious. You can just disguise an attack vector as a bug and if discovered: "Ooops!! Who could've known this would lead to remote code execution! Totally fixed" And then introduce a similar vector a few patches later.

        2. asdf

          Re: Be Wary

          >Just making something Open Source isn't the end-all and be-all of security.

          Yes I know Android itself is proof of that (though can't remember if those nasty MMS exploits where in strictly AOSP or not). My point was simply F-Droid is very high hanging fruit in general and for at least techies that can get away with using only F-Droid instead of the Play Store (and even better get away without a Google account at all, spyware that makes you login) they will be better off security wise. I understand no Farceb0rk or whatever app in F-Droid means excluding 95% of the population but more speaking to the audience on this site.

  3. Anonymous Coward
    Anonymous Coward

    Within the next 18 months there will be a massive Android infection

    Malware is getting better, and starting to become more profitable. All you need is something like this that lies dormant for a few months before 'waking up', that manages to get included in some Android apps in the Play Store - probably via a library multiple apps will include like something for advertising.

    Hit the wakeup day and suddenly 50 million phones are infected with something that is effectively impossible to remove, where you have to live with it unless you want to buy a new phone.

    Not saying this is impossible to happen to iOS, of course, as that would be the more lucrative target, but the restrictions Apple places on what apps can do would make this trick harder to achieve - and Apple could deliver an iOS update to kill something like this off within a few days.

    1. girtsgr

      Re: Within the next 18 months there will be a massive Android infection

      > infected with something that is effectively impossible to remove, where you have to live with

      > it unless you want to buy a new phone.

      Why buy a new phone, when firmware flashing is enough?

      1. P. Lee

        Re: Within the next 18 months there will be a massive Android infection

        >Why buy a new phone, when firmware flashing is enough?

        Indeed, why is there no during-boot button combination which drops you into a really simple rom which gives you the option of deleting the disk volume and starting from scratch or downloading from either a fixed or user-specified URL

        Ah yes, they would be the urge manufacturers have to get you to buy a new phone rather than upgrade your existing one. That's the root of the problem with not being able to do clean installs. Its a vendor problem. It would be so easy to do a fresh install, sign into your store and pick which apps you'd like to re-install and which ones you think might be dodgy.

        1. Adam JC

          Re: Within the next 18 months there will be a massive Android infection

          They do. Every Android handset ever released has been able to, infact. With the phone powered off, hold the power on button and the volume button - Voila, bootloaded which allows you to factory reset, wipe the phone back to factory settings, etc. :-)

        2. Voland's right hand Silver badge

          Re: Within the next 18 months there will be a massive Android infection

          Indeed, why is there no during-boot button combination which drops you into a really simple rom which gives you the option of deleting the disk volume and starting from scratch or downloading from either a fixed or user-specified URL

          You realize you just described clockworkmod - the cornerstone of the Cyanogen ecosystem.

      2. Anonymous Coward
        Anonymous Coward

        Re: Within the next 18 months there will be a massive Android infection

        Why buy a new phone, when firmware flashing is enough?

        For Reg readers, sure, a firmware flash is an option. Not so for the typical smartphone customer, if you think it is you vastly overestimate their technical competence. These are people who bought new PCs by the tens of millions each year because malware infected their old one and made it "slow", even though reinstalling Windows would have licked that problem.

        As for the factory reset, the article says the factory reset may not be enough. If you hide code needed to reestablish the infection in the firmware, re-flashing is your only way out. And that's simply not something the typical Android user is going to be able to do.

        1. Anonymous Coward
          Anonymous Coward

          Re: Within the next 18 months there will be a massive Android infection

          I should add the key to its long term survival would be making it so it doesn't really hurt the phone owner that bad. Nothing that makes it super slow, runs up your data bill, texts premium numbers or stuff like that. Just have it "click" on ads silently, and rely on sheer numbers to make money for you. You don't even have to care if all the ads are yours - in fact you don't want that so it isn't immediately obvious who is behind it.

          From my perspective this would even be a good thing, as anything that makes mobile advertising less valuable is a good thing in my book!

        2. asdf

          Re: Within the next 18 months there will be a massive Android infection

          >These are people who bought new PCs by the tens of millions each year because malware infected their old one and made it "slow"

          In their defense windows up until at least Win 7 with the registry naturally accumulating lots of crap tended to over time make itself slow as well.

    2. Crazy Operations Guy

      "Apple could deliver an iOS update to kill something like this off within a few days."

      They could, but they only create updates for the latest version of IOS, which happens to only run on the newest versions of the phone. Anyone using an older device is completely screwed.

      1. Anonymous Coward
        Anonymous Coward

        iOS updates for older versions

        There is precedent for them creating updates for older versions of iOS, they did so a couple years ago when they introduced a security update for iOS 6 six months after iOS 7 came out. If there was some serious malware they'd very likely do something similar - though perhaps not all the way back to iOS 6.x as the number of 3gs devices still in use has to be a rounding error at this point.

  4. Pascal Monett Silver badge
    Facepalm

    "even a factory reset may not fully wipe up after a Hummer infection"

    And next to that, we have companies pushing selfie-logins by touting that the mobile is a "trusted platform".

    <shakes head>

  5. Baldy50

    Hummer!

    Why not HubaHuba, not the place in Cambodia.

  6. Seajay#

    Jealous

    How come this malware always seems to be able to root a large proportion of handsets from all sorts of manufacturers without user intervention, without any obvious changes, certainly without a wipe but I can't always manage that even knowing the exact model, booted in to recovery with ADB connected?

    Two possibilities occur:

    - I suck

    - This only really affects Chinese knock-off phones running unpatched Android v0.9. Therefore we don't really need to worry about it.

    1. Crazy Operations Guy

      Re: Jealous

      Its coming from 3rd party app stores with counterfeit apps. No matter how good your security is, you still need to give fairly high-level rights to a user when they are installing an app. Combine this with the fact that a very large portion of users don't bother paying attention to the permissions that an app is requesting, and you end up with malware getting installed despite any security protections.

  7. Little Mouse Silver badge

    roots handsets, downloads pornographic applications, and displays pop-up ads at random intervals

    I call that Hiding in Plain Sight.

    1. Swarthy

      roots handsets, downloads pornographic applications, and displays pop-up ads at random intervals

      Is this really mal-ware? I want to root my phone, and look @ pron.. and lots of apps pop up ads at random intervals. Two out of three a'int bad...

  8. Leeroy

    The picture

    Where did you get the headline pic from ? I keep thinking of an 80s music video but can't place it grrrrrr.

    1. allthecoolshortnamesweretaken

      Re: The picture

      Blondie. Or Robert Palmer. Maybe. It's been a while.

  9. Jeffrey Nonken

    The headline

    My wife would never be upset that I was downloading porn, but she might be upset if I didn't share it with her.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021