A family of malware uploaded to at least 10 million Android devices last year has reared its ugly head again by hiding inside Google Play apps. Dubbed HummingWhale, the malware is believed to be related to HummingBad, another malware family that invaded non-Google apps in July 2016.
During HummingBad's time, there were 50,000 fraudulent apps installed, 20 million malicious advertisements displayed, and $300,000 earned in revenue per month.
The success of the malware was attributed to the fact that it could root infected phones by exploiting the weaknesses in older versions of Android. The new version, however, appears to be stronger than its predecessor. It no longer makes use of the rootkit component that HummingBad used when downloading unwanted apps on infected handsets.
What Does HummingWhale Do?
Unlike other malware that phishes and steals one's personal information, HummingWhale hijacks ad views to earn money. It shows unwanted ads to users of the infected devices.
Once a user closes an ad, an app will be downloaded by the malware without permission. This will generate a fake referrer ID, allowing the attacker to earn money through pay-per-install affiliate programs.
Other Characteristics Displayed by HummingWhale
According to Check Point security researchers, the HummingWhale malware has affected more than 20 apps in the Google Play Store and was downloaded several million times, reportedly between 2 million and 12 million, by unsuspecting users.
"This is a prime example of malware developers learning from each other, as tactics that were introduced by one of them are quickly adopted by others," says the security firm.
Aside from hijacking ad views, the malware has been known to display illegitimate ads on an infected device and then hide the app after it has been successfully downloaded.
Another behavior it has exhibited is posting ratings, reviews, and comments on the Google Play Store to improve its online reputation. Google has already removed the malicious software from the Play Store, but if you still want to check whether your device has been infected by HummingWhale, you can download the Check Point Protect app to find out.
To protect yourself and your device from malware, make sure to download third-party apps only from trusted mobile app developers. For an extra layer of protection, you can also install antivirus software, most of which has mobile versions available for iOS and Android.