This Android malware has infected 85 million devices and makes its creators $300,000 a month by Danny Palmer.
This should be an example to those users who don't feel the need to have any security app whatsoever.
It is, but the reports are pretty vague on the actual mechanism of infection. "Drive by download" is an ambiguous term. What is the vulnerability?
That's unhelpful. I'm already aware of the multiple definitions of "drive-by downloads." The definition of "drive-by download" in your 2012 link would easily be defeated by not manually installing randomly downloaded .APKs, and keeping "Unknown sources" disabled as per the defaults. That's not a problem necessitating a real-time security solution. When it instead means malware installing without any user intervention (i.e. through exploitation of vulnerabilities) then I want to know the specifics in order to patch or mitigate.
Looking at the Check Point descriptions from April and July: http://blog.checkpoint.com/2016/02/04/hummingbad-a-persistent-mobile-chain-attack/ http://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf They gloss over the initial infection in both reports: After whatever causes the initial breach, the malware decrypts Right_Core.apk in order to gain root access, and if that fails then activates qs.apk to serve a fake system update notification message and to attempt additional privilege escalations. Still no clear indication how the malware (com.android.sensjm) is present and running on the system in the first place. If they don't mention it, then it's probably just a manual installation with "unknown sources" enabled. Alternatively, if it's anything like Xinyinhe malware then another option could be that it's bundled in apps (including those from Google play) https://forums.malwarebytes.org/topic/181128-androidpupadwarexinyinhe/
How to find out if your Android phone has been infected with HummingBad Reference: New Android malware has already infected 10 million devices worldwide -- Tom
