We know that Hackers hack for a variety of reasons:
…some hack to test their skills,
…some hack to gain recognition,
…some hack to make money,
…some hack to support their Nation-State strategy,
…and, some hack alone, and some hack in Groups.
And Chinese Hackers are the ones who are infamous for their dedication towards Hacking.
Chinese hacking groups are better known for attacking and stealing information, organized cyber crimes, theft of intellectual property and state-sponsored cyber espionage attacks.
But it seems that several Chinese hacker groups have now shifted their motive of hacking towards ‘making money’.
How Much Money Do Hackers Actually Make?
It is a known fact that hacking makes money, but how much?
Answer: At least $4,500,000/year from one malware campaign.
How? We often observe mobile and desktop applications bundled with Ad-displaying programs, called Adware, to generate revenue.
Just last week we reported on “Kemoge Android Adware,” which disguises itself as popular apps and is making the rounds in as many as 20 countries.
Kemoge malware, suspected to originate from China, can root vulnerable Android devices, which practically allows hackers to take over the victim’s Android device.
Once installed, the malware automatically downloads other apps it gets paid to promote.
But Kemoge adware is not alone; the researchers have discovered some of its variants that belong to the same malware family.
Chinese Adware Family Threatening your Android
In a recent blog post, security experts at Cheetah Mobile, developers of the CM Security and Antivirus apps, detailed how Chinese hackers are making millions in profits from underground app distribution chains.
Other members of the same family are:
- Ghost Push
- Guaranteed Clicks
All of this malware, operating under the same illegal Mobile Marketing Industry Chain, follows a similar modus operandi, which is:
- Repackage popular apps to inject malicious code and Ad components
- Bypass Google Play Store’s Bouncer Security
- Exploit existing Android vulnerabilities to gain Admin-level permissions
- Root users’ devices, which makes them unable to uninstall the virus
- And then promote malicious apps through legitimate channels
“As users are completely unable to uninstall these malicious apps, the virus developers soon get a massive number of active users,” a Cheetah Mobile researcher said.
“With this user base, the virus developer is able to set up a marketing promotion company and become a mobile dealer. Then they have the qualifications to cooperate with ad sponsors, making money by distributing products for advertisers.”
These malicious apps were found on some famous App Stores, including Google Play, Aptoide and Mobogenie.
Some Critical Findings from their Research are:
- This Virus family includes 4000 Samples
- The Adware is affecting Android versions from 2.3 to 5.1.
- More than 10,000 phone types and 2,742 brands have been affected.
- The virus has affected more than 900,000 Android users in over 116 countries, especially Southeast Asia.
- More than four suspicious domain names have been identified.
Tips for keeping your Android Device Safe
Users are advised to:
- never click on suspicious links from emails or websites,
- be careful about what they download,
- not install apps without reviewing them,
- inspect each and every permission an Android app asks for,
- keep their Android devices updated.