Trusted Design

HummingBad: A Persistent Mobile Chain Attack

概要

Check Point Mobile Threat Prevention has detected a new, unknown mobile malware that targeted two customer Android devices belonging to employees at a large financial services institution. Mobile Threat Prevention identified the threat automatically by detecting exploitation attempts while examining the malware in the MTP emulators. The infection was remediated after the system notified the devices owners and the system administrators. The infection vector was a drive-by download attack, and the Check Points Threat-Cloud indicates some adult content sites served the malicious payload. Called HummingBad, this malware establishes a persistent rootkit with the objective to generate fraudulent ad revenue for its perpetrator, similar to the Brain Test app discovered by Check Point earlier this year. In addition, HummingBad installs fraudulent apps to increase the revenue stream for the fraudster.

Created: 2026-02-23

Indicators

類似Pulses

ZBot Malware (score: 0.64)
Android Marcher: Continuously Evolving Mobile Malware (score: 0.64)
New Android "Ghost Push" Variants (score: 0.63)
BankBot Found on Google Play and Targets Ten New UAE Banking Apps (score: 0.62)
IBM Trusteer: Mazain Mobile Bot Sees Increasing Prevalence in France and Spain (score: 0.62)

このPulseに関連する脅威アクター (事実ベース)

Winnti Group

Score: 3.29

Matched TTPs:

T1014 - Rootkit

MITREへのリンク →

APT41

Score: 9.86

Matched TTPs:

T1014 - Rootkit
T1069 - Permission Groups Discovery
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Rocke

Score: 6.57

Matched TTPs:

T1014 - Rootkit
T1102.001 - Dead Drop Resolver

MITREへのリンク →

TeamTNT

Score: 7.44

Matched TTPs:

T1014 - Rootkit
T1608.001 - Upload Malware
T1036 - Masquerading

MITREへのリンク →

APT28

Score: 29.56

Matched TTPs:

T1014 - Rootkit
T1091 - Replication Through Removable Media
T1036 - Masquerading
T1557.004 - Evil Twin
T1210 - Exploitation of Remote Services
T1546.015 - Component Object Model Hijacking
T1189 - Drive-by Compromise
T1137.002 - Office Test
T1078.004 - Cloud Accounts

MITREへのリンク →

UNC3886

Score: 6.44

Matched TTPs:

T1014 - Rootkit
T1027.005 - Indicator Removal from Tools

MITREへのリンク →

Scattered Spider

Score: 11.08

Matched TTPs:

T1069 - Permission Groups Discovery
T1657 - Financial Theft
T1585.001 - Social Media Accounts
T1078.004 - Cloud Accounts

MITREへのリンク →

TA505

Score: 5.26

Matched TTPs:

T1069 - Permission Groups Discovery
T1608.001 - Upload Malware

MITREへのリンク →

Volt Typhoon

Score: 7.42

Matched TTPs:

T1069 - Permission Groups Discovery
T1614 - System Location Discovery

MITREへのリンク →

APT3

Score: 6.44

Matched TTPs:

T1069 - Permission Groups Discovery
T1027.005 - Indicator Removal from Tools

MITREへのリンク →

FIN13

Score: 7.99

Matched TTPs:

T1069 - Permission Groups Discovery
T1036 - Masquerading
T1657 - Financial Theft

MITREへのリンク →

APT42

Score: 9.26

Matched TTPs:

T1547 - Boot or Logon Autostart Execution
T1608.001 - Upload Malware
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Gamaredon Group

Score: 5.01

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.001 - Upload Malware

MITREへのリンク →

LuminousMoth

Score: 5.01

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.001 - Upload Malware

MITREへのリンク →

Aoqin Dragon

Score: 5.22

Matched TTPs:

T1091 - Replication Through Removable Media
T1036 - Masquerading

MITREへのリンク →

Darkhotel

Score: 4.80

Matched TTPs:

T1091 - Replication Through Removable Media
T1189 - Drive-by Compromise

MITREへのリンク →

Mustang Panda

Score: 13.68

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.001 - Upload Malware
T1176.002 - IDE Extensions
T1027.007 - Dynamic API Resolution

MITREへのリンク →

FIN7

Score: 7.75

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.001 - Upload Malware
T1210 - Exploitation of Remote Services

MITREへのリンク →

Tropic Trooper

Score: 9.40

Matched TTPs:

T1091 - Replication Through Removable Media
T1573 - Encrypted Channel
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Sandworm Team

Score: 14.19

Matched TTPs:

T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1036 - Masquerading
T1589.003 - Employee Names
T1585.001 - Social Media Accounts

MITREへのリンク →

TA2541

Score: 4.72

Matched TTPs:

T1608.001 - Upload Malware
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Earth Lusca

Score: 6.48

Matched TTPs:

T1608.001 - Upload Malware
T1210 - Exploitation of Remote Services
T1189 - Drive-by Compromise

MITREへのリンク →

Kimsuky

Score: 18.10

Matched TTPs:

T1608.001 - Upload Malware
T1589.003 - Employee Names
T1657 - Financial Theft
T1585.001 - Social Media Accounts
T1588.005 - Exploits
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Mustard Tempest

Score: 3.74

Matched TTPs:

T1608.001 - Upload Malware
T1189 - Drive-by Compromise

MITREへのリンク →

OilRig

Score: 16.43

Matched TTPs:

T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1036 - Masquerading
T1027.005 - Indicator Removal from Tools
T1573.002 - Asymmetric Cryptography
T1566.003 - Spearphishing via Service

MITREへのリンク →

LazyScripter

Score: 4.16

Matched TTPs:

T1608.001 - Upload Malware
T1036 - Masquerading

MITREへのリンク →

Star Blizzard

Score: 4.31

Matched TTPs:

T1608.001 - Upload Malware
T1585.001 - Social Media Accounts

MITREへのリンク →

Threat Group-3390

Score: 6.48

Matched TTPs:

T1608.001 - Upload Malware
T1210 - Exploitation of Remote Services
T1189 - Drive-by Compromise

MITREへのリンク →

SideCopy

Score: 6.11

Matched TTPs:

T1608.001 - Upload Malware
T1614 - System Location Discovery

MITREへのリンク →

BITTER

Score: 5.59

Matched TTPs:

T1608.001 - Upload Malware
T1573 - Encrypted Channel

MITREへのリンク →

APT32

Score: 8.27

Matched TTPs:

T1608.001 - Upload Malware
T1036 - Masquerading
T1585.001 - Social Media Accounts
T1189 - Drive-by Compromise

MITREへのリンク →

HEXANE

Score: 4.31

Matched TTPs:

T1608.001 - Upload Malware
T1585.001 - Social Media Accounts

MITREへのリンク →

Moonstone Sleet

Score: 6.84

Matched TTPs:

T1608.001 - Upload Malware
T1585.001 - Social Media Accounts
T1566.003 - Spearphishing via Service

MITREへのリンク →

Contagious Interview

Score: 11.55

Matched TTPs:

T1608.001 - Upload Malware
T1036 - Masquerading
T1657 - Financial Theft
T1585.001 - Social Media Accounts
T1566.003 - Spearphishing via Service

MITREへのリンク →

EXOTIC LILY

Score: 6.84

Matched TTPs:

T1608.001 - Upload Malware
T1585.001 - Social Media Accounts
T1566.003 - Spearphishing via Service

MITREへのリンク →

Ember Bear

Score: 12.91

Matched TTPs:

T1195 - Supply Chain Compromise
T1036 - Masquerading
T1210 - Exploitation of Remote Services
T1588.005 - Exploits

MITREへのリンク →

menuPass

Score: 4.93

Matched TTPs:

T1036 - Masquerading
T1210 - Exploitation of Remote Services

MITREへのリンク →

BRONZE BUTLER

Score: 7.24

Matched TTPs:

T1036 - Masquerading
T1189 - Drive-by Compromise
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Windshift

Score: 6.48

Matched TTPs:

T1036 - Masquerading
T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

Storm-1811

Score: 4.71

Matched TTPs:

T1036 - Masquerading
T1566.003 - Spearphishing via Service

MITREへのリンク →

Winter Vivern

Score: 3.95

Matched TTPs:

T1036 - Masquerading
T1189 - Drive-by Compromise

MITREへのリンク →

PLATINUM

Score: 3.95

Matched TTPs:

T1036 - Masquerading
T1189 - Drive-by Compromise

MITREへのリンク →

Silent Librarian

Score: 3.84

Matched TTPs:

T1589.003 - Employee Names

MITREへのリンク →

Storm-0501

Score: 5.45

Matched TTPs:

T1657 - Financial Theft
T1078.004 - Cloud Accounts

MITREへのリンク →

Medusa Group

Score: 15.77

Matched TTPs:

T1657 - Financial Theft
T1585.001 - Social Media Accounts
T1573.002 - Asymmetric Cryptography
T1529 - System Shutdown/Reboot
T1218.014 - MMC

MITREへのリンク →

Water Galura

Score: 4.86

Matched TTPs:

T1657 - Financial Theft
T1585.001 - Social Media Accounts

MITREへのリンク →

Fox Kitten

Score: 5.09

Matched TTPs:

T1210 - Exploitation of Remote Services
T1585.001 - Social Media Accounts

MITREへのリンク →

Dragonfly

Score: 4.51

Matched TTPs:

T1210 - Exploitation of Remote Services
T1189 - Drive-by Compromise

MITREへのリンク →

Patchwork

Score: 8.20

Matched TTPs:

T1027.005 - Indicator Removal from Tools
T1189 - Drive-by Compromise
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Deep Panda

Score: 3.15

Matched TTPs:

T1027.005 - Indicator Removal from Tools

MITREへのリンク →

GALLIUM

Score: 3.15

Matched TTPs:

T1027.005 - Indicator Removal from Tools

MITREへのリンク →

Turla

Score: 4.92

Matched TTPs:

T1027.005 - Indicator Removal from Tools
T1189 - Drive-by Compromise

MITREへのリンク →

Leviathan

Score: 4.11

Matched TTPs:

T1585.001 - Social Media Accounts
T1189 - Drive-by Compromise

MITREへのリンク →

CURIUM

Score: 6.63

Matched TTPs:

T1585.001 - Social Media Accounts
T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

Lazarus Group

Score: 14.38

Matched TTPs:

T1585.001 - Social Media Accounts
T1189 - Drive-by Compromise
T1027.007 - Dynamic API Resolution
T1566.003 - Spearphishing via Service
T1529 - System Shutdown/Reboot

MITREへのリンク →

Magic Hound

Score: 10.25

Matched TTPs:

T1585.001 - Social Media Accounts
T1573 - Encrypted Channel
T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT29

Score: 9.07

Matched TTPs:

T1573 - Encrypted Channel
T1078.004 - Cloud Accounts
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN6

Score: 5.27

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1566.003 - Spearphishing via Service

MITREへのリンク →

RTM

Score: 5.05

Matched TTPs:

T1189 - Drive-by Compromise
T1102.001 - Dead Drop Resolver

MITREへのリンク →

APT38

Score: 5.39

Matched TTPs:

T1189 - Drive-by Compromise
T1529 - System Shutdown/Reboot

MITREへのリンク →

Dark Caracal

Score: 4.29

Matched TTPs:

T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT37

Score: 5.39

Matched TTPs:

T1189 - Drive-by Compromise
T1529 - System Shutdown/Reboot

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.79

Matched TTPs:

T1036 - Masquerading
T1557.004 - Evil Twin
T1546.015 - Component Object Model Hijacking
T1091 - Replication Through Removable Media
T1189 - Drive-by Compromise
T1014 - Rootkit
T1137.002 - Office Test
T1078.004 - Cloud Accounts
T1210 - Exploitation of Remote Services

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る