Android malware HummingBad is making a comeback with boosted capabilities that make it harder to detect and remove.
Dubbed HummingWhale, the malware is a tweaked version of HummingBad, which was reportedly created by a Chinese advertising company to trick users of infected Android devices into clicking on mobile and web adverts, thereby generating fraudulent advertising revenue for the company.
In itself, HummingBad was not used for particularly malicious cyber attacks, but because it installs a rootkit on an infected Android device, it gains high-level permissions to the device’s functions, thereby potentially enabling an attacker to wreak havoc within the Android environment, such as installing data-stealing keyloggers or bypassing encrypted email containers.
Instead it relies on virtual machines to support it and run fraudulent apps, which avoids overloading a targeted device.
HummingWhale can also run these apps without needing the elevated permissions normally required within the Android mobile operating system.
To make things worse, HummingWhale can also jump onto a virtual machine to hide itself from detection if a user notices and closes its process on their device.
“First, the Command and Control server (C&C) provides fake ads and apps to the installed malware, which presents them to the user. Once the user tries to close the ad, the app, which was already downloaded by the malware, is uploaded to the virtual machine and run as if it is a real device. This action generates the fake referrer id, which the malware uses to generate revenues for the perpetrators,” explained Check Point’s mobile cyber security analyst Oren Koriat.
He noted that this allows HummingWhale to install an infinite number of fraudulent apps and disguise its fraudulent activity so that it can infiltrate the Google Play store.
“HummingWhale also conducted further malicious activities, like displaying illegitimate ads on a device, and hiding the original app after installation, a trait which was noticed by several users,” added Koriat.
Check Point has so far identified 20 apps that were infected with HummingWhale and have since been removed from Google Play. However, the fact that it is effectively old malware making a comeback in a different guise is concerning, and highlights that the open nature of Android, compared to the more locked-down Apple iOS, has its shortcomings.