If you are an Android user, you should be concerned. There is a high chance that your device could have been infected without your knowledge. Check Point researchers have found a new variant of the HummingBad malware, referred to as HummingWhale, hidden in more than 20 apps on the Google Play store. This means that users cannot confidently rely on Google Play for protection. According to Check Point researchers, the infected apps in the campaign were downloaded several million times by unsuspecting users.
All of the apps were uploaded under the names of fake Chinese developers. The HummingBad malware surfaced in February 2016 and ended up earning its creators up to $300,000 per month in ad fraud revenue. The new variant is more dangerous since it does not rely on third-party app stores but spreads as a legitimate-looking app on the Google Play store. Apparently the malware disguises itself as a camera app.
The following is the process employed by this malware on your device:
“First, the Command and Control server (C&C) provides fake ads and apps to the installed malware, which presents them to the user. Once the user tries to close the ad, the app, which was already downloaded by the malware, is uploaded by the virtual machine (DroidPlugin) and run as if it is a real device. This action generates the fake referrer id, which the malware uses to generate revenues for the perpetrators.
This method has several advantages:
- It allows the malware to install apps without gaining elevated permissions first.
- It disguises the malicious activity, which allows it to infiltrate Google Play.
- It allows the malware to let go of its embedded rootkit since it can achieve the same effect even without it.
- It can install an infinite number of fraudulent apps without overloading the device.”
The HummingWhale malware also displays illegitimate ads on a device and hides the original app after installation.