Security firm Check Point has recently detected the dangerous HummingWhale malware in about 20 Android apps. These apps are widely used: they have been downloaded millions of times (roughly 2 to 12 million; the Play Store does not report exact download counts).
According to Check Point's analysis, HummingWhale is a variant of HummingBad, malware that was found in 2016 in official apps on the Google Play Store and that managed to affect 10 million or more devices. In that case, Yingmob, a Chinese hacker group, was claimed to be responsible.
Check Point noted that HummingBad was also a “sophisticated and a well-developed malware” which employed a rootkit and a chain-attack tactic to acquire complete control over the infected phone or device. It targeted many non-Google apps and exploited unpatched vulnerabilities and security flaws, which gave it root privileges on devices running older Android OS versions. Google eventually shut it down, but by then HummingBad had been installed in over 50,000 apps, as it was infecting apps on a daily basis. It displayed 20 million malicious ads and helped the attackers make $300,000 per month in revenue. Out of the 10 million users who downloaded apps infected with HummingBad, around 286,000 were located in the US alone.
HummingWhale differs from HummingBad in impact and severity. It is much more sophisticated than HummingBad and launches different fake apps and ads after gaining control of the device. It also controls its command-and-control center to virtually kill the device it inhabits. It has so far affected 20 apps on the Google Play Store. Unlike the previous version, HummingBad, HummingWhale doesn’t root devices but includes virtual machine tactics that let the malware perform ad fraud more convincingly.