How Profitable is Malware?


Back in February we told you about Hummingbad. A malware found on Android which gains root access to android phones in order to install other applications and display ads. I’ve seen several news articles speaking about Hummingbad today, more specifically about the company behind it. Why has this suddenly caught the interest of media? Because of the amount of money being made.

The first shocking thing about Hummingbad is that this is a case in which we are not talking about the typical hacker. At least not the typical hacker which we tend to think of when we talk about malware. Hummingbad was created and is maintained by Yingmob. Yingmob is a legitimate Chinese advertising analytics company. Check Point security believes that Hummingbad has infected more than 10 million devices worldwide, with the majority of infected devices residing in China, India, and the Phillipines. Moreover, it is believe that Yingmob has nearly 85 million devices under it’s control via other malware items it controls affecting both Android and iOS devices.

Why would a commercial company be involved in such a trade? For revenue. It is believe that Hummingbad, which primarily generate ad revenue for Yingmob generates $300,000 per month. This figure comes from over 20 million advertisements shown per day with 2.5 clicks per day adding up to $3000 per day. Add to that, Hummingbad installs over 50,000 fraudulent apps per day leading to over $7,500 in revenue per day. It’s quite a lucrative business.

I want to ask a question I haven’t seen asked throughout the various posts I’ve read on Hummingbad today.

What defines malware any more?

Hummingbad is surely something we don’t want on our phones. The fact that it gains root access leaves the user open to more malicious attacks should Yingmob choose. Add to that, the amount of ad activity and app installing it does, surely affects the performance of the phone and uses user’s data allowance. However, this is an actual commercial company in China, offering legitimate services. It is using Hummingbad as a source of revenue. This revenue is being generated through advertising dollars, without user consent.

I look at a few of the western world’s top mobile apps and I see some things that I would also define as malware. Of course, I’m looking at Facebook and Google. Both are offering user’s legitimate services. They also do things which users do not know about, may not approve of if they did know about it, and will use users data allowance without their knowledge. Of course, with these companies, user’s choose to use these apps, and agree to their EULA as they start using it. But who really reads a EULA? Do we believe that all Facebook users understand that private messages in Facebook Messenger are being collected with information being sold to third parties? Do we really believe that all Google users understand that their every online move and app usage is being collected by Google for their own advertising revenue? I don’t believe so.

Obviously, Hummingbad is malware. There is a line between a true commercial app and malware, but that line has been blurred, and it’s just getting more blurred. The real question is; If Yingmob included a EULA upon installation of an app infected by Hummingbad, informing users, of course in extremely general terms, of what Hummingbad would do to their phones, would it still be considered malware?




FYI, for all the Android Priv users out here, Hummingbad works by gaining root access. BlackBerry Android has yet to be rooted.




BlackBerry Elite Founder & Owner of UTB Blogs and UTB Geek. When I'm not talking or writing about BlackBerry, you'll find me using my BlackBerry.

  • Anthony

    Yingmob is a Chinese business. China is not a democracy, right.

    I’ve seen news articles writing about how the big-brother scenario is actually becoming ‘scary’ in China, going beyond anything Google or Facebook can do to exploit users and destroy privacy.

    Rooting a device without a user’s knowledge and consent should be a “criminal activity”.


    “Yingmob is a legitimate Chinese advertising analytics company.”
    I have a small problem with your use of the term ‘legitimate’. A ‘legitimate’ advertising and analytics company would not stoop to infecting millions of phones with malware.

    • Brad

      I see your point.

      My point is they do legitimate business. As do Facebook and Google. I also don’t see how Facebook and Google tracking our physical location, messages, and turning on phone mics (Facebook) is legitimate business practices.