Last year, security firm Check Point already warned all Android users regarding a new type of malware called HummingBad. This time, Check Point has let off another warning about Android malware called HummingWhale that was hidden inside 20 apps in Google Play and could have been downloaded millions of times.
HummingWhale Malware Infect Millions Of Android Devices
HummingWhale is a variant of HummingBad, which was as bad as its name suggests. The HummingWhale malware is a much more sophisticated thing compared to the earlier one. It uses its control and command center to basically kill any Android phone through shitty fake apps and ads. Last year, CheckPoint gave us the warning about Hummingbird. That variant presented itself within very legitimate applications on the Google Play store.
"HummingBad stands out as an extremely sophisticated and well-developed malware, which employed a chain-attack tactic and a rootkit to gain full control over the infected device" CheckPoint explains.The security company estimated that perhaps, an approximation of 10 million people have been affected by this malware. It also identified that the culprits as a Chinese hacking outfit called Yingmob, as reported by The Inquirer.
"The malware was spread through third-party app stores and affected over 10 million victims, rooting thousands of devices each day and generating at least $300,000 per month. HummingBad was so widespread that in the first half of 2016 it reached fourth place in ‘the most prevalent malware globally' list, and dominated the mobile threat landscape with over 72 per cent of attacks."
The security firm also said in an update that "This new variant, dubbed ‘HummingWhale,’ includes new, cutting edge techniques that allow it to perform ad fraud better than ever before." The malware was probably only a matter of time before the malware named HummingBad evolved and made its way onto Google Play Store. "HummingWhale malware first raised suspicions when Check Point researchers analyzed one of the apps."
Here's How To Avoid It HummingWhale Malware
If you were infected with HummingBad you had few options to do. If your Android smartphone was not just a crappy block of shiny metal you might have been abe to perform a factory reset on it. As easy at it is. But this option is always considered a last resort for the great un-backed up.
According to Trusted Reviews, CheckPoint says it also identified several new HummingBad samples which also promote the new HummingWhale version of the malware. This is how the company says the malware works:
"First, the Command and Control server (C&C) provides fake ads and apps to the installed malware, which presents them to the user. Once the user tries to close the ad, the app, which was already downloaded by the malware, is uploaded to the virtual machine and run as if it is a real device. This action generates the fake referrer ID, which the malware uses to generate revenues for the perpetrators."
But HummingWhale also conducts other malicious activities on the Google Play Store and if the app is already downloaded, in the Android smartphone, including displaying illegitimate ads and hiding the original app after installation. While CheckPoint doesn't believe the new version of the malware was produced by the same Yingmob group, which is behind HummingBad, the company says that whoever is behind the HummingWhale malware seems to have learned from the previous version.
The good news is, Google has already removed all the applications affected by HummingWhale malware from the Play Store according to the security firm's update. If you think you may have still infected by, the best option is to simply carry out a factory reset of your device, after backing up any files such as photos and other media.