Date:26/01/17
A new variant of the advanced Android HummingBad malware has spread to apps in the Google Play store, security researchers have found.
Dubbed HummingWhale by security vendor Check Point, the malware was uploaded to Google Play using fake Chinese developer names. Check Point said it had found HummingWhale in over 20 apps which had bypassed Google's protection measures.
HummingWhale utilises what Check Point said are cutting edge techniques to conduct ad fraud to generate revenue for its developers.
This includes the use of a disguised Android application package (APK) file that acts as a dropper which downloads and runs further apps, Check Point said.
The dropper uses an Android plugin developed by Chinese security vendor Qihoo 360 to upload fraudulent apps to a virtual machine.
Using a virtual machine allows HummingWhale to install other apps without having to elevate permissions, and disguises malicious acitivity. The latter tactic allows HummingWhale to infiltrate Google Play, Check Point said.
Thanks to the virtual machine, HummingWhale no longer needs to root Android devices, and can install any amount of malicious, fraudulent apps without overloading user handsets.
Apps run on the virtual machine as if it is a real device, generating a fake referrer identification used to spoof unique users for ad fraud purposes. HummingWhale also copies the Gooligan malware tactic of using fake ratings and comments to raise its reputation on Google Play.
The motivation for HummingWhale, and its predecessor, HummingBad, is to earn money via ad fraud and fake app installs, Check Point said.
The firm released a report in July last year, detailing how Chinese mobile advertising and analytics company Yingmob used the HummingBad malware to serve up millions of ads and to install apps.
HummingBad spread through third-party app stores, infecting over 10 million devices, making the malware one of the most prevalent for Android last year.
Yingmob is believed to earn around US$300,000 a month from the malware.
HummingWhale Android malware infests Google Play
A new variant of the advanced Android HummingBad malware has spread to apps in the Google Play store, security researchers have found.Dubbed HummingWhale by security vendor Check Point, the malware was uploaded to Google Play using fake Chinese developer names. Check Point said it had found HummingWhale in over 20 apps which had bypassed Google's protection measures.
HummingWhale utilises what Check Point said are cutting edge techniques to conduct ad fraud to generate revenue for its developers.
This includes the use of a disguised Android application package (APK) file that acts as a dropper which downloads and runs further apps, Check Point said.
The dropper uses an Android plugin developed by Chinese security vendor Qihoo 360 to upload fraudulent apps to a virtual machine.
Using a virtual machine allows HummingWhale to install other apps without having to elevate permissions, and disguises malicious acitivity. The latter tactic allows HummingWhale to infiltrate Google Play, Check Point said.
Thanks to the virtual machine, HummingWhale no longer needs to root Android devices, and can install any amount of malicious, fraudulent apps without overloading user handsets.
Apps run on the virtual machine as if it is a real device, generating a fake referrer identification used to spoof unique users for ad fraud purposes. HummingWhale also copies the Gooligan malware tactic of using fake ratings and comments to raise its reputation on Google Play.
The motivation for HummingWhale, and its predecessor, HummingBad, is to earn money via ad fraud and fake app installs, Check Point said.
The firm released a report in July last year, detailing how Chinese mobile advertising and analytics company Yingmob used the HummingBad malware to serve up millions of ads and to install apps.
HummingBad spread through third-party app stores, infecting over 10 million devices, making the malware one of the most prevalent for Android last year.
Yingmob is believed to earn around US$300,000 a month from the malware.
Views: 512
©ictnews.az. All rights reserved.
Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World
