A new version of HummingBad Android malware has been discovered. Dubbed as HummingWhale, the malware has been found hidden in 20 new applications on Google Play. They’ve been downloaded by as many as 12 million unsuspecting users.
The malware enters a victim device through infected apps on the Google Play Store. The apps affected were uploaded using the names of fake Chinese developers, and all had a 1.3MB file called 'assets/group.png'
As soon as the victims download the app, HummingWhale will start sending users fake ads that will become particularly harmful to them if opened. Moreover, if a user notices and closes the ad, the malware then drops itself into a virtual machine to evade detection. The malware uploads apps to the Virtual Machine to run those apps as if it is on a real device, before generating fake referral IDs for dishonest revenue.
Furthermore, HummingWhale also conducts other malicious activities, including displaying illegitimate ads and hiding the original app after installation.
Google has already removed the HummingWhale apps from the Play Store
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street