This article was written to help users remove the Hummingbad malware from Android devices. In addition to the Hummingbad removal guide, you’ll also find a detailed explanation of what Hummingbad is, as well as tips on how to stay clear of such threats in the future.
How to tell if your device is infected with Hummingbad Android malware?
Common symptoms include recurring screen-wide advertisements, which will occasionally try to install applications even when you try to close them. Users who have had their phone rooted may notice new apps appearing on their home screen that were installed without their permission.
- Important! Over 70% of all Hummingbad infected devices are located in Asia, while the rest of the infected devices are spread around the globe. Users who frequent unsafe adult websites or download and install apps from .apk files are the most likely victims.
What is Hummingbad Malware?
Hummingbad is a type of Android rootkit malware. The malware was originally discovered by the security company that maintains the Strongpoint blog. We have summarized their findings below, for quicker and simpler reading. All credit for finding this information goes to the security experts with Strongpoint.
Hummingbad is a type of click-fraud and download malware. It was created by a Chinese hosting company called Yingmob, which maintains servers for mobile ads. The company maintains multiple development teams and most of its software products are legitimate. While Hummingbad is not a virus, it is still dangerous malware, which exploits vulnerabilities in a user’s system in order to wreak havoc. This is also the reason why we prepared this Hummingbad removal guide for our readers.
How does it work?
Hummingbad is spread via multiple methods. One of them is the drive-by download attack. Basically, the malware is loaded inside another app – if the user gives the infected app permission to install, the malware gets installed as well. Another common distribution trick is through websites with adult content. The malicious payload is masked as a required plug-in, driver or video player, which needs to be installed in order to view the movies hosted on the site.
Regardless of the delivery method used, the function of the malware is identical. A background process called Se is launched, which will constantly monitor the phone (every 10 seconds) and wait for a predetermined set of conditions. A connection to the internet is required, because the malware receives its commands from a remote host. Once all conditions are met, the malware will launch its main process. In turn, this will create screen-wide banners several times per day, as determined by the remote server. Attempting to close these banners is futile – the close button redirects to the install button, so it does not matter where the user clicks. Sometimes clicking the banner will open a webpage linked by the banner; other times an app will be directly prompted for installation.
The next step varies depending on whether the user’s device is rooted or not. On rooted phones the application will be downloaded and installed automatically, while users whose phone has not been rooted will have the option to cancel the installation of the unwanted app.
Is Hummingbad dangerous?
Hummingbad was originally intended as click-fraud software, and in this role it is not dangerous to the user’s device. Typically, when a user installs an application or clicks on an advertisement, the company or person that hosted the app or advertisement gets paid a small amount of money – usually less than $0.01 – as a finder’s fee. This, however, can easily add up to a huge money flow when enough phones are infected. Considering that Hummingbad was first spotted in February and more than 10 million devices are believed to be infected, the total profits are estimated to be over $300,000 per month. The same amount is a net loss for all companies whose adverts and software are targeted by this scam tool.
But why should you care about mega corporations getting victimized by such a scam? Well… the real trouble is what this malware could evolve into in the future. Since Hummingbad is essentially a rootkit application, it could easily be reprogrammed and repurposed for much more sinister actions. A smart hacker can steal the code and modify it to suit his own purposes. Spying on a phone, stealing banking accounts, installing ransomware and many other equally dangerous uses come to mind.
How to protect against Hummingbad (and other malware)
The first line of defense should be installing a security application on your phone. Most are either free to use (and supported by occasional adverts) or require payment. You can check out our recommendation for one such good & free program by clicking on any of the banners on this page.
Relying solely on software to protect you is not nearly enough, however. Security specialists are at a disadvantage in the battle against malware, since they can only react. Brand new malware can easily pierce even the best software suite. In such cases the only thing you can do is stay away from sources that are known to distribute malware:
- Adult video sites, especially little-known sites with no reputation, frequently distribute malware.
- Installing apps from .APK files is one of the easiest ways to have your phone infected. Online stores, such as the Google Play Store, screen all programs for viruses and malware before they are made available for download. When you download an .apk file from a 3rd party you are putting your device at great risk.
- Sometimes even store-approved apps can use some nasty trick or legal loophole to infect a computer. Google will eventually take such an app down, but in the meantime it is perilous to install it. In most cases people pick up on that behavior quickly enough and write a negative review of the program. If an app has an overwhelmingly high number of negative reviews, you know that something is wrong.
How to remove Hummingbad Android malware?
To put it simply – you have to find and uninstall the application that hosts the malware code. Scanning through the service programs running on your phone is very hard, and the malware is known to re-enable itself on system reboot, on connecting to the internet and sometimes even on any human interaction with the device. Below you’ll find the Hummingbad removal guide. Follow the steps carefully.
Hummingbad Malware Android Removal
Method one
To start off, you need to reboot your Android device in safe mode.
To do that, hold the power button on your Android phone until you see the turn off button on your screen. Press and hold that button until you get a prompt that will allow you to reboot in safe mode.
You should now see Safe mode written on the bottom of your screen. If that is the case proceed with step 2.
What to do if the instructions above didn’t work to turn on safe mode:
The malware may be blocking the software option to turn on safe mode. To bypass the block you can use the hard safe mode reset.
Press and continuously hold the Volume Down and the Power Button until the phone turns off and reboots. Some devices require that you hold both buttons until the device fully reboots, other devices may require that you only hold the power down key. If your Android device is a particularly old one you may have to hold Volume Down, Volume Up and the power key until it reboots into Safe Mode.
Try all the combinations in the order we’ve written them until you get the proper one for your device.
Locating and uninstalling the malware-infected application is next on the list. As a rule of thumb, you are looking for a recently installed application that will most probably not be present in the Google Play Store list of installed applications, but will be present on the device itself.
Navigate to Settings->Applications->Installed Apps and look for suspicious entries there. It could be anything, but the most likely culprit is an app whose name you don’t recognize and don’t remember installing yourself, or two entries of what appear to be the same app.
- Any app you downloaded and installed without the assistance of the Google Play Store is an immediate suspect and you should uninstall it immediately.
To uninstall an app just tap on it, then click on the Clear Cache, Clear Data and Uninstall buttons, in that order.
When you are done cleaning suspicious apps, remember to reboot your Android device in order to turn off Safe Mode. If the malware symptoms persist, you need to repeat this step and perform a more thorough app pruning.
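The check described above (apps on the device that did not come from the Google Play Store) can also be run from a computer. The script below is an added example, not part of the original guide: it filters the output of `adb shell pm list packages -3 -i` for user-installed packages whose recorded installer is not the Play Store. It assumes adb is installed and USB debugging is enabled on the phone; the package names in the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag user-installed packages that did not come from Google Play.
# Expected input is the output of:  adb shell pm list packages -3 -i
#   package:<name>  installer=<installer package, or null when sideloaded>

PLAY_STORE="com.android.vending"   # package name of the Google Play Store app

# Reads `pm list packages -3 -i` lines on stdin and prints "<package> <installer>"
# for every package whose recorded installer is not the Play Store.
sideloaded_packages() {
    tr -d '\r' | awk -v play="$PLAY_STORE" '
        /^package:/ {
            pkg = $1; sub(/^package:/, "", pkg)
            inst = "null"                      # no installer field at all
            for (i = 2; i <= NF; i++)
                if ($i ~ /^installer=/) { inst = $i; sub(/^installer=/, "", inst) }
            if (inst != play) print pkg, inst
        }'
}

# Constructed sample listing (made-up package names), used when no device is attached.
sample_listing() {
    cat <<'EOF'
package:com.example.mail  installer=com.android.vending
package:com.example.videoplayer.plugin  installer=null
package:org.example.game  installer=com.android.vending
package:com.example.flashlight  installer=com.example.thirdparty.store
EOF
}

# Check the attached device if there is one, otherwise run on the sample.
if command -v adb >/dev/null 2>&1 && adb get-state >/dev/null 2>&1; then
    adb shell pm list packages -3 -i | sideloaded_packages
else
    sample_listing | sideloaded_packages
fi
```

Every package it prints is a candidate for the manual review and uninstall steps above. Packages placed on the system partition are not covered by `-3`, so an empty result on a rooted phone does not prove the device is clean.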
Method two
If you were unable to locate and uninstall the malware using the instructions above, then there is one last method you can use in order to clean your device – a Factory Reset.
- IMPORTANT! A factory reset will wipe your phone clean of any contacts, apps, settings and files you have on it! Back up everything important by uploading it to your PC or with the help of a cloud service! The Android backup service can be of great help too!
- EVEN MORE IMPORTANT! Resetting your phone is always done at your own risk and may void the warranty of the phone with some distributors. Make sure your device has sufficient battery strength to finish the operation or keep it plugged in.
Try this first: Perform a factory reset using the settings menu
- Begin by opening Settings.
- Located under “Personal,” tap Backup & reset. You’ll probably have to input your PIN or password, if you have set up one.
- Find the Factory data reset button, under Personal Data. Read the instructions and press Reset phone.
- For best results select Erase everything.
- When the reset is ready reboot your device.
Try this if the above didn’t work: Reset device in Recovery mode
- Important! Android devices using Android version 5.1 and later are protected from theft and subsequent hard reset by requiring the user to enter his Google account name and password. Make sure you know what they are before attempting the reset.
- Turn off your phone
- Press and hold Volume up and Power button at the same time until you see the logo of the manufacturer and the device is turned on.
- Immediately press Volume down in order to select “Recovery mode.” You can navigate through the menus by clicking on the Volume up button and confirm your choice with the Volume down button.
- The Android robot will appear with a “No command” message.
- While you hold down the Power button, press the Volume up button, then release it.
- Again you need to use the volume buttons to select the “wipe data/factory reset” and confirm your pick by pressing the Power button.
- Confirm the reset to exit the menu and begin the process itself.
Once the factory reset is complete your phone will reboot itself and it will be free of any third party applications, files and settings. Use your backups to restore your device and keep away from dangerous sites in the future!
If you run into any trouble – ask us for help in the comments section!