News Categories

Android OS malware HummingWhale sees over 2 million downloads through Google Play

By Liu Hongzuo - on 24 Jan 2017, 1:58pm

Android OS malware HummingWhale sees over 2 million downloads through Google Play

HummingBad returns - as HummingWhale.

A new Android OS malware threat has risen, and it has been quietly making its way around infected devices and the Google Play app store. It’s called HummingWhale, which was based off an older Android OS malware called HummingBad.

According to cybersecurity research firm Check Point, there are more than 20 Google Play apps with the HummingWhale malware, and those apps have seen anywhere from 2 to 12 million downloads so far. HummingWhale has the same goal as HummingBad – it’s designed to help its perpetrators generate revenue through ad fraud. Previously, HummingBad infected up to 10 million victims and it generated at least US$300,000 a month for its perpetrators.  

Check Point researchers have been tracking HummingWhale for more than a year. They found that it uses virtual machine techniques (as opposed to rooting a victim’s device) to perform advertisement fraud. The malware uploads apps to the VM to run those apps as if it’s on a real device, before generating fake referral IDs for dishonest profit.

This lets HummingWhale install apps without requiring special permissions, ignore the need for its embedded rootkit, and install up to an infinite number of fraud apps without taxing the infected device. The victim will also constantly receive illegitimate advertisements, and closing the ads won’t stop the installation process. It also hides the installed apps, on top of hiding its own malicious activities.

HummingWhale also shares some traits with Gooligan – this malware is also capable of raising its own reputation in the Google Play app store by making infected devices post up fake ratings and comments for infected apps.

Previously, Check Point provided a URL for detecting Gooligan. Now, they’ve created an app for detecting and protecting your Android OS phone or tablet. According to Ars Technica, there are also alternative antivirus apps by Check Point’s competitors that can help in protecting your mobile valuables.

Google has already removed the infected apps from their app store after receiving a private report about the HummingWhale malware.

Source: Ars Technica, Check Point (blog)

Join HWZ's Telegram channel here and catch all the latest tech news!
Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.