HummingWhale Android malware infests Google Play

By

Virtual machine removes the need for device rooting.

A new variant of the advanced Android HummingBad malware has spread to apps in the Google Play store, security researchers have found.

HummingWhale Android malware infests Google Play

Dubbed HummingWhale by security vendor Check Point, the malware was uploaded to Google Play using fake Chinese developer names. Check Point said it had found HummingWhale in over 20 apps which had bypassed Google's protection measures.

HummingWhale utilises what Check Point said are cutting edge techniques to conduct ad fraud to generate revenue for its developers.

This includes the use of a disguised Android application package (APK) file that acts as a dropper which downloads and runs further apps, Check Point said.

The dropper uses an Android plugin developed by Chinese security vendor Qihoo 360 to upload fraudulent apps to a virtual machine. 

Using a virtual machine allows HummingWhale to install other apps without having to elevate permissions, and disguises malicious acitivity. The latter tactic allows HummingWhale to infiltrate Google Play, Check Point said.

Thanks to the virtual machine, HummingWhale no longer needs to root Android devices, and can install any amount of malicious, fraudulent apps without overloading user handsets.

Apps run on the virtual machine as if it is a real device, generating a fake referrer identification used to spoof unique users for ad fraud purposes. HummingWhale also copies the Gooligan malware tactic of using fake ratings and comments to raise its reputation on Google Play.

The motivation for HummingWhale, and its predecessor, HummingBad, is to earn money via ad fraud and fake app installs, Check Point said.

The firm released a report in July last year, detailing how Chinese mobile advertising and analytics company Yingmob used the HummingBad malware to serve up millions of ads and to install apps.

HummingBad spread through third-party app stores, infecting over 10 million devices, making the malware one of the most prevalent for Android last year.

Yingmob is believed to earn around US$300,000 a month from the malware.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
androidgooglegoogle playsecurity

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?