More than 20 apps were affected by the return of the HummingBad malware in its latest avatar – HummingWhale – on Google Play Store. Google has now removed it from its app store, but over 12 million users could have already downloaded the affected apps before the Google Security Team had a chance to remove them.
Security company Check Point, which discovered the malware and named it HummingWhale, says that this new version of the HummingBad malware uses ad fraud to generate revenue for its actors. The malware uses advanced techniques, and was injected into apps that were put on the Play Store under fake Chinese developers’ names.
The original malware, HummingBad, was also discovered by Check Point nearly a year ago in February 2016. At the time, it was identified as an “extremely sophisticated and well-developed malware.” Later in 2016, in July, Check Point finally unveiled the workings of HummingBad and even identified Yingmob as the Chinese hacker group responsible for the malware.
HummingBad was extremely lucrative for the actors, netting them $300,000 a month even when it was only being spread through third-party app stores. During the first half of 2016 it affected over 10 million users and became the fourth most prevalent malware in the world, accounting for 72% of mobile device attacks.
Check Point says that it was only a matter of time before it made its way into the Google Play Store after sufficiently evolving into what they are now calling HummingWhale.
The dangerous part about HummingWhale is that it installs additional apps, shows illegitimate ads and even hides the original app after it’s been installed. What’s more, it artificially earns higher ratings through fake reviews and comments.
As of now, the security team at Google appears to have removed the affected apps. We’re hoping they’ll keep their eyes peeled for further activity, but there’s always the risk of these apps remaining on third-party app stores.
One major difference between HummingBad and HummingWhale is that the latter can install an unlimited number of malicious and fraudulent apps on your device because it uses a virtual machine (VM) to host the apps. That means your Android device won’t get overloaded, but you’ll still be seeing these additional apps.
HummingWhale doesn’t even need to root your Android device in order to run because of the VMs. It uses an APK file as a “dropper”, which then automatically downloads and runs other apps on your smartphone or tablet. If you close the process, it hops on to the VM, which makes it even harder to detect and remove.
For now, Google Play Store appears to be cleared of these apps, but to keep your device safe, do not install any application packages obtained from third-party sources.