HummingBad, an Android malware estimated to have touched over 85 million devices worldwide, was recently found in 46 new applications, 20 of which had even made their way into the official Play Store, passing Google's security checks.
In terms of Android malware, HummingBad is the biggest player active today, accounting for 72% of all mobile infections, according to Israeli security firm Check Point.
The large number of infections has also garnered HummingBad a place on the top 10 list of currently active malware families in the past few months.
HummingBad creators earning an estimated $300,000 per month
HummingBad is barely a year old, being first detected in February 2016. The malware is used to download other apps on compromised devices or click on ads to generate profits for the malware owners.
A Check Point report released in July 2016 has identified Yingmob, an advertising company based in Chongqing, China, as the main suspect behind both HummingBad (Android) and YiSpecter (iOS) malware families.
According to Check Point, at that point, the HummingBad malware was found in over 200 apps, generating an estimated revenue of $300,000 per month for its creators.
New HummingBad version discovered
Researchers say that the 20 apps they recently discovered contained a new version of HummingBad, which they nicknamed HummingWhale due to the massive changes in its mode of operation.
The biggest change is that HummingWhale appears to have dropped the rootkit component that allowed it to forcibly download unwanted apps on infected devices.
This module appears to have been replaced by DroidPlugin, a plugin initially developed by Qihoo 360 for running virtual machines on Android devices.
HummingWhale works by showing unwanted ads to its victims, but when users move in to close the ad, the malware opens a virtual machine and installs the advertised app inside it.
This way, HummingBad authors earn revenue from pay-per-install affiliate programs and can install as many apps as they like on infected devices without polluting the device's application list.
But the VM component also makes it harder for security apps to spot HummingWhale's malicious behavior, and for Google's security checks to detect malicious apps before they reach the Play Store.
HummingWhale also rates and comments on Play Store apps
Furthermore, HummingWhale gained another feature: the ability to post reviews and ratings on the Google Play Store on behalf of infected users, a tactic used to earn extra revenue or give a boost to other malicious apps.
This type of activity was first spotted with malware families such as Gooligan or CallJam and was not something native to the original HummingBad codebase.
Following HummingWhale's discovery, Google has removed the infected apps. A list of all app package names that were found to contain HummingWhale is available below. These are apps spread through the Google Play Store, but also other third-party stores.
com.bird.sky.whalecamera – Whale Camera
com.op.blinkingcamera – Blinking Camera
com.fishing.when.orangecamera – Orange Camera
com.note.ocean.camera – Ocean camera
io.zhuozhuo.snail.android_snails – 蜗牛手游加速器 (Snail Mobile Game Accelerator: professional VPN, fixes mobile game lag and latency)
com.cm.hiporn – HiPorn
com.family.cleaner – Cleaner: Safe and Fast
com.wall.fast.cleaner – Fast Cleaner
com.blue.deep.cleaner – Deep Cleaner
com.color.rainbow.camera – Rainbow Camera
com.ogteam.love.flashlight – com.qti.atfwd.core
com.wall.good.clevercamera – Clever Camera
com.well.hot.cleaner – Hot Cleaner
com.op.smart.albums – SmartAlbums
com.tree.tiny.cleaner – Tiny Cleaner
com.speed.top – Topspeed Test2
com.fish.when.orangecamera – Orange Camera
com.flappy.game.cat – FlappyCat
com.just.parrot.album – com.qti.atfwd.core
com.ogteam.elephanta.album – Elephant Album
gorer – File Explorer
com.with.swan.camera – Swan Camera
com.touch.smile.camera – Smile Camera
com.air.cra.wars – com.qti.atfwd.core
com.room.wow.camera – Wow Camera-Beauty,Collage,Edit
com.start.super.speedtest – com.qti.atfwd.core
com.best.shell.camera – Shell Camera
com.ogteam.birds.album – com.qti.atfwd.core
com.tec.file.master – File Master
com.bird.sky.whale.camera – Whale Camera
cm.com.hipornv2 – HiPorn
com.wind.coco.camera – Coco Camera
global.fm.filesexplorer – file explorer
com.filter.sweet.camera – Sweet Camera
com.op.blinking.camera – Blinking Camera
com.mag.art.camera – Art camera
com.cool.ice.camera – Ice Camera
com.group.hotcamera – Hot Camera
com.more.light.vpn – Light VPN-Fast, Safe,Free
com.win.paper.gcamera – Beauty Camera
com.bunny.h5game.parkour – Easter Rush
com.fun.happy.camera – Happy Camera
com.like.coral.album – com.qti.atfwd.core
com.use.clever.camera – Clever Camera
com.wall.good.clever.camera – Clever Camera
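An added example, not from the article or from Check Point: a Python check of an `adb shell pm list packages` listing against entries written in the format of the list above. The function names and the sample device output are constructed for illustration. Because HummingWhale installs advertised apps inside a virtual machine rather than in the device's application list, a check like this finds only the carrier apps themselves.

```python
import re

# Entries from the article's list in its "package – app name" layout; the plain
# hyphen variant and the truncated "gorer" entry exercise the parser's edge cases.
IOC_LINES = """\
com.bird.sky.whalecamera – Whale Camera
com.family.cleaner – Cleaner: Safe and Fast
gorer – File Explorer
com.fun.happy.camera- Happy Camera
"""

# Constructed sample of `adb shell pm list packages` output (not from a real device).
SAMPLE_PM_OUTPUT = """\
package:com.android.chrome
package:com.family.cleaner
package:com.example.notes
package:com.fun.happy.camera
"""

# A usable Android package name has at least two dot-separated segments.
PKG_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z0-9_]+)+")
SEP_RE = re.compile(r"\s*[–-]\s*")  # en dash or hyphen, with optional spaces


def parse_ioc_list(text):
    """Return ({package: label}, [skipped lines]) from 'package – label' lines."""
    iocs, skipped = {}, []
    for line in filter(None, map(str.strip, text.splitlines())):
        parts = SEP_RE.split(line, maxsplit=1)
        label = parts[1] if len(parts) > 1 else ""
        if PKG_RE.fullmatch(parts[0]):
            iocs[parts[0]] = label
        else:
            skipped.append(line)  # truncated or malformed: never guess the full name
    return iocs, skipped


def installed_packages(pm_output):
    """Extract package names from `pm list packages` (also the `-f` path=name form)."""
    prefix = "package:"
    return {
        line.strip()[len(prefix):].rsplit("=", 1)[-1]
        for line in pm_output.splitlines()
        if line.strip().startswith(prefix)
    }


def find_flagged(pm_output, ioc_text):
    """Return sorted (package, label) pairs present both on the device and in the list."""
    iocs, _ = parse_ioc_list(ioc_text)
    return sorted((p, iocs[p]) for p in iocs.keys() & installed_packages(pm_output))
```

Entries returned in the skipped list, such as the truncated one, need manual review, since an incomplete package name cannot be matched exactly.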