Computer Emergency Response Team of Mauritius (CERT-MU)
HummingWhale infects up to 12 million Android users

A new version of the HummingBad Android malware has been discovered. Dubbed HummingWhale, the malware has been found hidden in 20 new applications on Google Play, which have been downloaded by as many as 12 million unsuspecting users.

The malware enters a victim's device through infected apps on the Google Play Store. The affected apps were uploaded under the names of fake Chinese developers, and all contained a 1.3MB file called 'assets/group.png'.

As soon as a victim downloads the app, HummingWhale starts sending the user fake ads that become particularly harmful if opened. Moreover, if a user notices and closes the ad, the malware then drops itself into a virtual machine to evade detection. The malware uploads apps to the virtual machine and runs them as if they were on a real device, before generating fake referral IDs for dishonest revenue.
Furthermore, HummingWhale also conducts other malicious activities, including displaying illegitimate ads and hiding the original app after installation.

Google has already removed the HummingWhale apps from the Play Store.
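A triage check for the 'assets/group.png' indicator mentioned above, as an added example that is not from CERT-MU or the original research: it looks inside APK files for an entry with that name, compares its size to roughly 1.3MB, and tests whether the content starts with the PNG signature. The size window and the PNG-signature test are assumptions added here; the advisory gives only the file name and approximate size.

```python
import io
import zipfile

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"      # 8-byte signature every real PNG starts with
INDICATOR_NAME = "assets/group.png"   # file name given in the advisory
# Assumption: "1.3MB" is treated as a 1.2-1.4 MB window; the advisory gives no exact size.
SIZE_RANGE = (1_200_000, 1_400_000)


def triage_apk(apk):
    """Return findings for one APK (path or file-like object); empty list means no match."""
    findings = []
    with zipfile.ZipFile(apk) as zf:
        try:
            info = zf.getinfo(INDICATOR_NAME)
        except KeyError:
            return findings            # indicator file not present
        findings.append("name-match")
        if SIZE_RANGE[0] <= info.file_size <= SIZE_RANGE[1]:
            findings.append("size-match")
        # Added heuristic (assumption): a ".png" that lacks the PNG signature
        # is mislabelled content and deserves a closer look.
        with zf.open(info) as fh:
            if fh.read(len(PNG_MAGIC)) != PNG_MAGIC:
                findings.append("not-a-png")
    return findings


def build_sample_apk(payload):
    """Constructed test input: a minimal zip holding assets/group.png with the given bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("AndroidManifest.xml", b"constructed placeholder")
        zf.writestr(INDICATOR_NAME, payload)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        try:
            print(path, triage_apk(path) or "no match")
        except zipfile.BadZipFile:
            print(path, "unreadable (not a zip/APK)")
```

A name match alone is weak evidence, since any app may ship a file with that name; the three findings together are what make an APK worth analysing further.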

Mail Online
Hack Read