One of the world's largest and most prolific Trojans has been uncovered by security researchers, who claim to have traced the source of the Trojan family and its authors to an "underground internet industry chain" in China. The Trojan, dubbed Hummer, infects over one million users' phones and rakes in up to $500,000 (£375,252) on a daily basis. It stealthily infects users with unwanted apps, malware and even porn.

According to researchers at the Cheetah Mobile Security Research Lab, Hummer has so far affected users in 25 countries and is spreading rapidly across the world. India, Indonesia, Turkey and China have been the most severely affected by the Trojan. However, some European countries including Germany, Romania, Russia, Ukraine as well as the US have also been affected by the malware sprouting Trojan.

"This Trojan continually pops up ads on victims' phones, which is extremely annoying. It also pushes mobile phone games and silently installs porn applications in the background. Unwanted apps appear on these devices, and they're reinstalled shortly after users uninstall them," said Cheetah Mobile Security Research Lab.

The firm added: "During the first half of 2016, the Hummer Trojan infected nearly 1.4 million devices daily at its peak. In China alone, there were up to 63,000 infections every day."

How Hummer works

Once Hummer infects a device, it proceeds to root the phone to gain admin privileges, after which it discreetly installs unnecessary and unwanted apps as well as malware in the background. These apps and malware in turn, end up consuming immense amounts of network traffic. Researchers noted that in mere hours, the Trojan accessed the network over 10,000 times, downloading over 200 APKs and devouring almost 2GB of network traffic.

The Trojan, unfortunately, is extremely difficult to remove, as it has the ability to "gain the highest control" over phone systems. Researchers have warned that the Hummer cannot be deleted using standard anti-virus software, nor can it be removed by resetting the device. In fact, the most recent variant of the malware has 18 different rooting techniques that enable Hummer to root devices, making the Trojan extremely effective and dangerous.

New China-based Hummer Android malware rakes in $500,000 a day infecting over 1m users with porn
Researchers claim that their analysis led them to conclude that China-based threat actors are linked to the Trojan familyReuters

Researchers at the Cheetah Mobile Security Research Lab claim that their analysis led them to conclude that China-based threat actors are linked to the Trojan family. "The researchers believe that this Trojan family originated from the underground internet industry chain in China, based on the Trojan codes that have been uploaded to an open-source platform by a careless member of the criminal group behind the Trojan family," the firm stated.

Researchers analysing Hummer's infection rate and spread noted that between January and June 2016, Hummer surpassed rival malware Ghostpush to infect an average of 1,190,000 devices, which according to the Cheetah Mobile Security Research Lab is "larger than any other mobile phone Trojan".