{
	"id": "7a651344-a288-42c7-86f6-7241ef21577c",
	"created_at": "2026-04-06T00:09:45.903711Z",
	"updated_at": "2026-04-10T13:11:23.477268Z",
	"deleted_at": null,
	"sha1_hash": "1c096785ab9e9a04b6375091eef9fdd5f0c640a4",
	"title": "Hummingbad",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 59162,
	"plain_text": "Hummingbad\r\nBy Contributors to Wikimedia projects\r\nPublished: 2016-07-06 · Archived: 2026-04-05 16:37:41 UTC\r\nFrom Wikipedia, the free encyclopedia\r\nHummingBad is Android malware created by Chinese advertising company, Yingmob. It was discovered by\r\nCheck Point in February 2016.[1]\r\nResearchers from Check Point said the malware installs more than 50,000 fraudulent apps each day, displays 20\r\nmillion malicious advertisements, and generates more than $300,000 per month in revenue.[2][3] The research\r\npointed out the Yingmob group, previously accused of being responsible for the Yispecter iOS malware, as being\r\nresponsible for the attack.[4]\r\nThe malware infected more than 10 million Android devices worldwide, most of which were located in China and\r\nIndia and were running outdated versions of Android.[5]\r\nBotnet\r\nBrain Test\r\nComputer virus\r\nDendroid (Malware)\r\nFile binder\r\nIndividual mobility\r\nMalware\r\nMobile operating system\r\nTrojan horse (computing)\r\nWorm (computing)\r\nZombie (computer science)\r\n1. ^ \"HummingBad: A Persistent Mobile Chain Attack\". checkpoint.com. 4 February 2016. Retrieved 9\r\nOctober 2016.\r\n2. ^ Dan Goodin - Jul 7, 2016 5:50 pm UTC (2016-07-07). \"10 million Android phones infected by all-powerful auto-rooting apps\". Ars Technica. Retrieved 2016-10-02. {{cite web}} : CS1 maint: numeric\r\nnames: authors list (link)\r\n3. ^ \"From HummingBad to Worse: New In-Depth Details and Analysis of the HummingBad Android\r\nMalware Campaign\". Check Point Blog. 2016-07-01. Retrieved 2016-10-09.\r\n4. ^ \"YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs\r\n- Palo Alto Networks Blog\". Palo Alto Networks Blog. 2015-10-04. Retrieved 2016-10-09.\r\n5. ^ Goodin, Dan (7 July 2016). \"10 million Android phones infected by all-powerful auto-rooting apps\". Ars\r\nTechnica.\r\nhttps://en.wikipedia.org/wiki/Hummingbad\r\nPage 1 of 2\n\nSource: https://en.wikipedia.org/wiki/Hummingbad\r\nhttps://en.wikipedia.org/wiki/Hummingbad\r\nPage 2 of 2\n\nWorm Zombie (computing) (computer science)     \n1. ^ \"HummingBad: A Persistent Mobile Chain Attack\". checkpoint.com. 4 February 2016. Retrieved 9\nOctober 2016.     \n2. ^ Dan Goodin-Jul 7, 2016 5:50 pm UTC (2016-07-07). \"10 million Android phones infected by all\u0002\npowerful auto-rooting apps\". Ars Technica. Retrieved 2016-10-02. {{cite web}} : CS1 maint: numeric\nnames: authors list (link)     \n3. ^ \"From HummingBad to Worse: New In-Depth Details and Analysis of the HummingBad Android\nMalware Campaign\". Check Point Blog. 2016-07-01. Retrieved 2016-10-09.  \n4. ^ \"YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs\n-Palo Alto Networks Blog\". Palo Alto Networks Blog. 2015-10-04. Retrieved 2016-10-09. \n5. ^ Goodin, Dan (7 July 2016). \"10 million Android phones infected by all-powerful auto-rooting apps\". Ars\nTechnica.      \n   Page 1 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://en.wikipedia.org/wiki/Hummingbad"
	],
	"report_names": [
		"Hummingbad"
	],
	"threat_actors": [
		{
			"id": "0afff988-cf8a-443b-9e2e-8686e511d0ed",
			"created_at": "2023-01-06T13:46:38.45683Z",
			"updated_at": "2026-04-10T02:00:02.982791Z",
			"deleted_at": null,
			"main_name": "HummingBad",
			"aliases": [],
			"source_name": "MISPGALAXY:HummingBad",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "45577352-1038-44a4-b111-44764d26a4b0",
			"created_at": "2022-10-25T16:07:24.591806Z",
			"updated_at": "2026-04-10T02:00:05.046659Z",
			"deleted_at": null,
			"main_name": "Yingmob",
			"aliases": [],
			"source_name": "ETDA:Yingmob",
			"tools": [
				"DroidPlugin",
				"Eomobi",
				"HummingBad",
				"HummingWhale",
				"Yispecter",
				"ZxxZ"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434185,
	"ts_updated_at": 1775826683,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1c096785ab9e9a04b6375091eef9fdd5f0c640a4.pdf",
		"text": "https://archive.orkl.eu/1c096785ab9e9a04b6375091eef9fdd5f0c640a4.txt",
		"img": "https://archive.orkl.eu/1c096785ab9e9a04b6375091eef9fdd5f0c640a4.jpg"
	}
}