Old Android malware still infecting millions of users

Chris Smith

January 23, 2017 at 10:01 PM

Remember HummingBad? It’s an “old” malware from early-to-mid 2016, which was discovered and addressed at the time. However, it looks like it wasn’t killed, and a version of it called HummingWhale has been found in the Google Play store, inside over 20 apps that were downloaded several million times by unsuspecting users.

Don't Miss: Security researcher finds the DDoS mastermind who took down the internet last fall

HummingWhale comes with “cutting edge techniques” that let it perform fraud better than before, Check Point says. That’s the same group that identified the first strain of the malware, which affected more than 10 million users last year.

Check Point also discovered its creators and concluded that the malware was able to generate some $300,000 per month from fraudulent advertising. That’s right, this malware doesn’t steal sensitive data from you. Instead, it hijacks ad views for profit.

The new Google Play apps seem to be camera-related apps uploaded under names of fake Chinese developers. Each of these apps has an encrypted file that’s “suspiciously large.”

The malware can be used to download and execute other apps. Moreover, the app can use an Android plugin to upload fraudulent apps on a virtual machine.

“First, the Command and Control server (C&C) provides fake ads and apps to the installed malware, which presents them to the user,” Check Point writes. “Once the user tries to close the ad, the app, which was already downloaded by the malware, is uploaded to the virtual machine and run as if it is a real device. This action generates the fake referrer id, which the malware uses to generate revenues for the perpetrators.”

The malware is more sophisticated than its predecessor in many ways. It can install apps without getting elevated permissions, and it can install an infinite number of fraudulent apps without actually overloading the device. That means the user would not even notice that something is wrong.

Additionally. HumingWhale also tries to increase its Google Play reputation using fraudulent comments and ratings.

Check Point told BGR that it informed Google About these new malware apps, which were removed from Google Play.

This is how you check if your phone or tablet was infected with a HummingBad strain, although the tools might not necessarily detect HummingWhale as well.

Trending right now:

See the original version of this article on BGR.com

Yahoo Sports
Former MLB infielder, Little League World Series star Sean Burroughs dies at 43
The seven-year major leaguer collapsed while coaching his son's Little League game on Thursday.
Yahoo Sports
Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race
The value of the Dolphins and Formula One racing is enormous.
Yahoo Sports
The best RBs for 2024 fantasy football, according to our experts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.
Yahoo Sports
Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’
The 2024 Yankees have rediscovered their bravado and hold the second-best record in the AL, thanks in large part to the superstar outfielder.
Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Autoblog
Which pickup trucks get the best fuel economy? Here are the tops for gas mileage (or diesel)
Trucks aren't known for being fuel efficient, though times are changing. These are the trucks with the best gas mileage in various segments.
Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Yahoo Sports
Former NBA guard Darius Morris dies at 33
Former NBA guard Darius Morris has died at the age of 33. He played for five teams during his four NBA seasons. Morris played college basketball at Michigan.
Yahoo Sports
Wide receiver rankings for 2024 fantasy football
The Yahoo Fantasy football analysts reveal their first wide receiver rankings for the 2024 NFL season.
Yahoo Sports
2024 Fantasy Football Mock Draft, 1.0
The Yahoo Fantasy football crew got together for their very first mock draft of 2024. Andy Behrens recaps the results.
Yahoo Finance
Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'
Ryan says he would be writing in a Republican candidate instead of voting for Donald Trump.
Yahoo Sports
Yahoo Fantasy staff's Mock Draft 1.0: Shocking picks are plentiful
Teams have made their big splashes in free agency and made their draft picks, it's time for you to do the same. It's fantasy football mock draft time. Some call this time of year best ball season, others know it's an opportunity to get a leg up on your competition for when you have to draft in August. The staff at Yahoo Fantasy did their first mock draft of the 2024 season to help you with the latter. Matt Harmon and Andy Behrens are here to break it all down by each round and crush some staff members in the process.
Yahoo Sports
Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1
It’s key to note that we’re not saying the “best team” or “best roster.” Instead, we’re talking about the best confluence of factors that can outline a path for survival and then success.
Yahoo Sports
Report: Suns fire head coach Frank Vogel after 1st-round playoff sweep, eyeing Mike Budenholzer as replacement
Frank Vogel's out after one season in Phoenix failed to produce a playoff win.
Yahoo Sports
Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from
With free agency and the draft behind us, what 32 teams look like today will likely be what they look like Week 1 and beyond for the 2024 season. Matt Harmon and Scott Pianowski reveal the post-draft fantasy power rankings. The duo break down the rankings in six tiers: Elite offensive ecosystems, teams on the cusp of being complete mixed bag ecosystems, offensive ecosystems with something to prove, offenses that could go either way, and offenses that are best to stay away from in fantasy.
Yahoo Finance
Mortgage rates drop for the first time in five weeks with experts adjusting their forecasts
The average 30-year fixed mortgage rate edged back toward 7% this week but remains elevated, prompting housing experts to revise their forecasts for the rest of 2024.
Yahoo Sports
Cavaliers flip the script against the Celtics in Game 2, making this series a mystery
For one night, Cleveland's game plan worked to perfection. Do the Cavs have a shot to take down the Celtics?
Yahoo Finance
Recession-proof stocks are leading the market's latest leg higher
The Utilities and Consumer Staples sectors have popped since mid-April as investors search for value.
Yahoo Sports
Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing
The Cardinals' nightmare season continues.
Yahoo Sports
Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap
Jake Mintz & Jordan Shusterman discuss the Padres-Marlins trade that sent Luis Arraez to San Diego, as well as recap all the action from this weekend in baseball and send birthday wishes to hall-of-famer Willie Mays.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Old Android malware still infecting millions of users

Recommended Stories

Former MLB infielder, Little League World Series star Sean Burroughs dies at 43

Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race

The best RBs for 2024 fantasy football, according to our experts

Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’

The FDIC change that leaves wealthy bank depositors with less protection

Which pickup trucks get the best fuel economy? Here are the tops for gas mileage (or diesel)

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

Former NBA guard Darius Morris dies at 33

Wide receiver rankings for 2024 fantasy football

2024 Fantasy Football Mock Draft, 1.0

Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'

Yahoo Fantasy staff's Mock Draft 1.0: Shocking picks are plentiful

Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1

Report: Suns fire head coach Frank Vogel after 1st-round playoff sweep, eyeing Mike Budenholzer as replacement

Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from

Mortgage rates drop for the first time in five weeks with experts adjusting their forecasts

Cavaliers flip the script against the Celtics in Game 2, making this series a mystery

Recession-proof stocks are leading the market's latest leg higher

Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing

Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap