IMPACTFUL VIRUSES IN HISTORY: HUMMINGBAD

Megan Poljacik • December 19, 2024

Imagine a virus infecting over 85 million Android phones without anyone catching on. Believe it or not, this really happened in 2016! How could a virus be so easily distributed without human intervention?

 

The HummingBad virus was a persistent rootkit, which is a very smart and nasty kind of virus. Rootkits are difficult to find and even more difficult to remove. They embed themselves within the system without the user's knowledge and are designed to hide themselves and their activities, even from security software. A rootkit will take over an infected system on its own, or if it cannot gain root access, it will push a fake update prompt, tricking the user into installing it. Once the malware has control of the device, it begins downloading and installing apps, and the lucrative business of conning users begins. The HummingBad virus was designed to click on the ads within the apps to generate advertising revenue. This inflated ad click and view counts, allowing the attackers to earn more revenue without actual user engagement. The malware also promoted and installed additional malicious apps on infected devices. In some instances, HummingBad would push fake system notifications or pop-ups claiming that the device needed a security update. When users clicked on the notifications, it would redirect them to download and install other infected apps. This generated revenue through app installations and allowed hackers to exploit them.


The HummingBad virus was named as such because hummingbirds are known for their speed and agility, and they suck the nectar out of flowers. The analogy is that the virus does the same, acting swiftly and extracting bits of information and money from each device as it goes.


While the primary focus was on generating revenue through ad fraud, HummingBad could also harvest sensitive information from infected devices. This included personal data, such as contacts, login credentials, and financial information, which could be used for identity theft or sold on the black market.  



Another interesting tactic for financial gain was HummingBad's use of botnets. Being installed on millions of devices, HummingBad had the opportunity to create a network of compromised devices controlled by attackers, known as a botnet. These botnets could be leased to carry out various malicious activities, such as conducting distributed denial-of-service (DDoS) attacks or sending spam emails, in exchange for money.


HummingBad was able to infect a large number of devices by using several techniques. The hackers primarily targeted users in China and Southeast Asia, where alternative app stores and third-party app markets are popular due to certain regional restrictions. These alternative app stores are often full of counterfeit software and absolutely not vetted for viruses. Another method was through “drive-by downloads.” This is when a hacker finds vulnerabilities within a known safe website and then embeds malicious code. When the site is visited, the malware installs itself without the user's knowledge. The same technique can be used with ads within websites, known as malvertising. A user will click on an ad that is infected, and that will redirect them to websites hosting HummingBad or trigger an automatic download.


HummingBad infected millions of Android devices worldwide, making it one of the largest cellphone malware attacks ever seen. The grand scale shows the extent to which hackers can exploit vulnerabilities if we are not careful. One way to prevent this from happening to you is to ensure you are using trusted app stores such as Google Play and the Apple App Store. Both Google and Apple have stringent security measures to ensure the software they promote is safe for their users. When installing apps, be sure to pay attention to the permissions requested. Consider it a red flag if they ask for location information or contacts. It is important to be vigilant in the modern age.
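
The two checks recommended above (where an app came from, and whether it asks for location or contacts) can be automated on a device you manage. The following is an added example, not part of the original article; the package names, the sample data and the choice of Google Play as the only trusted installer are assumptions made for illustration.

```python
import re

# Assumption: only Google Play (package com.android.vending) counts as trusted.
TRUSTED_INSTALLERS = {"com.android.vending"}
# Permissions the article calls red flags: location and contacts.
RED_FLAGS = {
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_CONTACTS",
}
# Constructed sample in the format printed by `adb shell pm list packages -3 -i`
# (-3 limits the list to third-party apps; sideloaded apps show installer=null).
SAMPLE_PM_OUTPUT = """\
package:com.example.notes  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.example.wallpaper  installer=com.example.thirdpartymarket
package:com.example.maps  installer=com.android.vending
"""
# Constructed sample of requested permissions per package; on a real device
# these can be read from `adb shell dumpsys package <name>`.
SAMPLE_PERMISSIONS = {
    "com.example.notes": ["android.permission.INTERNET"],
    "com.example.flashlight": ["android.permission.INTERNET",
                               "android.permission.READ_CONTACTS",
                               "android.permission.ACCESS_FINE_LOCATION"],
    "com.example.wallpaper": ["android.permission.INTERNET"],
    "com.example.maps": ["android.permission.ACCESS_FINE_LOCATION"],
}
LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def parse_installers(pm_output):
    """Map package name -> installer package (None when sideloaded)."""
    installers = {}
    for line in pm_output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def audit(pm_output, permissions):
    """List apps that come from an untrusted source or request red-flag permissions."""
    findings = []
    for pkg, installer in sorted(parse_installers(pm_output).items()):
        untrusted = installer not in TRUSTED_INSTALLERS
        flagged = sorted(RED_FLAGS & set(permissions.get(pkg, ())))
        if untrusted or flagged:
            findings.append({"package": pkg, "installer": installer,
                             "untrusted_source": untrusted,
                             "red_flag_permissions": flagged})
    # Apps that are both untrusted and permission-hungry are listed first.
    findings.sort(key=lambda f: (not (f["untrusted_source"] and f["red_flag_permissions"]),
                                 f["package"]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PM_OUTPUT, SAMPLE_PERMISSIONS):
        print(finding)
```

A finding is a prompt to look closer, not a verdict: a maps app from Google Play legitimately needs location, while a sideloaded flashlight app asking for contacts deserves removal.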

