We use cookies on our websites. Information about cookies and how you can object to the use of cookies at any time or end their use can be found in our privacy policy.

How bad is HummingBad? We asked the experts

How bad is HummingBad? We asked the experts

Android is under threat from a new security risk known as 'HummingBad'. The malware, which was first identified last year as 'Shedun', is said to have infected 10 million devices within the past few months. Should we be worried? AndroidPIT talked to the experts to ascertain the threat level and learn what preventative measures we can take to defend against it.

What is HummingBad?

HummingBad is a virus which can be automatically downloaded to a device when a person visits certain websites; this is what's known as a drive-by-download attack.

Once inside of your device, the malware is capable of gaining root access to the Android phone. It can then install additional apps, display ads and direct a person to false Play Store information, all with the aim of gaining revenue from malicious ads.

This revenue is said to be worth $300,000 per month for Yingmob – a Beijing-based advertising agency that CheckPoint claims is responsible – and it's all achieved without the user's explicit knowledge of it being on the device. 

androidpit hummingbad by country
The number of infected Android devices discovered in the top twenty targeted countries. / © Check Point

How big is the HummingBad threat?

Different sources speak of different levels of risk. Check Point, an IT security and software development firm, suggests that ten million devices have been infected and that those who created the virus control "an arsenal of over 85 million mobile devices around the world." 

Lookout, a security company focusing on Android and iOS, claims that "Shedun detections spiked over 300 percent in March, and further spiked over 600 percent in the past month [between June and July]."

Of those affected, the Checkpoint report [PDF, 1 MB] claims that 90 percent of the devices are running Android 4.4 KitKat or older, while only one percent of the infected devices are running Android Marshmallow.

Furthermore, the list suggests that around 286,800 devices have been hit in the US, but it's mostly eastern territories featured in the top 20 infected countries.

eset thomas Uhlemann transversely
Thomas Uhlemann says HummingBad is of little concern for users in Central Europe. / © ESET

What do the experts say?

We asked security companies how big the threat really is. In a statement translated from German, Thomas Uhlemann, Security Specialist at ESET, said:

"Though HummingBad is a threat to Android devices, we can not really see a significant increase [in infection rate]." Numbers from the ESET-owned www.virusradar.com (a screenshot of which I've attached below) suggest the same.

Mr Uhlemann added: "A global peak of two to three percent in Yemen or two percent or less in Tajikistan, Afghanistan and Nepal should be of little importance for users in Central Europe." 

While Android devices in the US have been targeted more, Mr Uhlemann also said, "Those with current security software, such as the ESET Mobile Security Android app, should be protected from infection since last September."

Hummingbad Trend June July2016
HummingBad's infection rate hasn't changed from June to July, according to ESET. / © ESET

How do I avoid HummingBad?

To avoid HummingBad, you should always download apps from Google Play, or install from a reputable vendor's website (like the Amazon app from Amazon's website). Similarly, if you see that otherwise paid apps are available from a third-party site for free, you should always avoid them. 

Another tip is to avoid visiting pornographic websites. It's no secret that these are often targetted by scammers and fraudsters. Consider doing some research regarding reputable sources of such material before clicking through links willy nilly (pardon the pun) on your handset.

Hummingbad WorldMap June July2016
Hummingbird distribution by region. / © ESET

How do I know if I my device has been infected by HummingBad?

The main indicator that you have a malware infection is that your device is exhibiting erratic behavior. For example, it could be showing ads or vibrating unexpectedly, or it could be consuming an unusually high amount of data or battery. 

HummingBad, specifically, can install additional apps to your device without your knowledge, promote ads unexpectedly, or highlight mysterious apps for you to install in the Play Store.

Furthermore, if HummingBad fails to achieve root access, it may create a fake notification on your device to try and trick you into granting it admin privileges. Watch out for that. 

How do I remove HummingBad if my device gets infected?

ESET's Mr Uhlemann said that if you have been infected by HummingBad, it's already too late to save your device. The threat infects devices by gaining root privileges, and the only way to circumvent this would be to flash new firmware or install a custom ROM. However, this is not a foolproof solution, as the software may have copied itself to another partition. 

If you own a modern device and have been using it responsibly, you shouldn't worry too much HummingBad. Check out our guide to smartphone scams and how to avoid them for more details.

Is HummingBad a concern for you? Do you need any further information? Let me know in the comments or ask me on Twitter @scottadamgordon.  

With contributions from Eric Herrmann of AndroidPIT.de.

Recommended articles


Write new comment:
All changes will be saved. No drafts are saved when editing
Write new comment:
All changes will be saved. No drafts are saved when editing

  • I have gotten those pop up ads that makes the phone vibrate really hard once and then stops and doesn't let you click the back button. Should I be worried?

    I should mention that this is only on a certain website that it happens on basically.

  • Pat Jul 10, 2016 Link to comment

    Vicky C. You probably didn't give enough information, but as the article stated, if you only download apps from Google Play, or Amazon, your phone is probably fine. If you apps from third party sites, you have more to worry about. From your description, it sounds more like something running in the background using too much of your memory and/or processor. I don't know what version of Android you use, but in version 5, you should be able to go to Settings/Apps to see what's running. In version 6, you have to go to Settings/Developer options.
    My Note 4 sometimes does the same thing and I just restart it and it is fine.

  • Try going into safe mode (goggle your device plus safe mode), or turn on "Show CPU Usage" in developer options (same for all devices, tap on Settings / About Device / Kernel Version a lot)

    If safe mode doesn't pause, then an app is taking up the resources on the phone. The Show CPU usage should show which is taking up so much. You can go from there for troubleshooting.

  • I don't think I have the HummingBad virus but my phone has been exhibiting some annoying behavior. Often, it will freeze up in the middle of me using it and will not respond at all at first when I press the home button. My question is if I should be concerned that it might have a virus.

Write new comment:
All changes will be saved. No drafts are saved when editing