ETDA ThaiCERT
Report
Search
Home > List all groups > Yingmob

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Other threat group: Yingmob

NamesYingmob (real name)
CountryChina China
MotivationFinancial gain
First seen2016
Description(Check Point) Check Point Mobile Threat Prevention has detected a new, unknown mobile malware that targeted two customer Android devices belonging to employees at a large financial services institution. Mobile Threat Prevention identified the threat automatically by detecting exploitation attempts while examining the malware in the MTP emulators.

The infection was remediated after the system notified the devices owners and the system administrators. The infection vector was a drive-by download attack, and the Check Points Threat-Cloud indicates some adult content sites served the malicious payload.

Called HummingBad, this malware establishes a persistent rootkit with the objective to generate fraudulent ad revenue for its perpetrator, similar to the Brain Test app discovered by Check Point earlier this year. In addition, HummingBad installs fraudulent apps to increase the revenue stream for the fraudster.
ObservedCountries: Algeria, Bangladesh, Brazil, China, Colombia, Egypt, India, Indonesia, Malaysia, Mexico, Nepal, Pakistan, Philippines, Romania, Russia, Thailand, Turkey, Ukraine, USA, Vietnam and others.
Tools usedDroidPlugin, Eomobi, HummingBad, HummingWhale, Yispecter.
Operations performedJan 2017A Whale of a Tale: HummingBad Returns
<https://blog.checkpoint.com/2017/01/23/hummingbad-returns/>
Information<https://blog.checkpoint.com/2016/02/04/hummingbad-a-persistent-mobile-chain-attack/>
<http://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf>

Last change to this card: 14 April 2020

Download this actor card in PDF or JSON format

Previous: Wizard Spider, Gold Blackburn
Next: Zombie Spider

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key