HummingBad malware affected Android devices in July 2016. Now there is a new, more potent variant, dubbed HummingWhale.
Security firm Check Point has detected the malware, named HummingWhale, in 20 Android apps that are commonly used by Android users. An estimated 2 to 12 million users have been affected, but this number has not yet been confirmed.
According to their 2016 analysis of the original HummingBad malware, which was first found in July of last year, the attackers were able to infect 10 million or more devices. It has been determined that Yingmob, a Chinese hacking group, claimed responsibility for the attack.
The firm also described HummingBad as a “sophisticated and well-developed malware” that employed a rootkit and a chain-attack tactic to acquire complete control over the infected phone or device.
Below is a sample of the infected app.
The attackers were able to target non-Google apps and exploit unpatched vulnerabilities and security flaws, which gave them root access on older Android OS versions. Google has shut it down; however, it was able to install itself on more than 50,000 apps, as it was infecting apps on a daily basis. They were able to display 20 million malicious ads, which helped them rake in $300,000 per month in revenue.
Check Point gave us a fair amount of warning last year.
There is a high probability that a different group is behind the HummingWhale attack. They seem to be familiar with the workings of the HummingBad malware: a lot of elements are shared, and the methodology seems to be the same.
This is a good example of malware creators learning from each other. The tactics and methods introduced by one group are being embraced and adopted by new developers. This is a good reminder that Google Play does not guarantee 100% security and protection, since bad guys always seem to find a way to circumvent current security and stay a few steps ahead of security firms.