HummingBad Malware Reappears on Android As HummingWhale


HummingBad, an Android malware that appeared in early 2016, has evidently resurfaced with a few tweaks under the name HummingWhale and has even managed to find its way into the Play Store. The malware was found by Check Point, the same security group that outed the original HummingBad. By zeroing in on the code contained in the malware itself and searching the Google Play Store for that string, Check Point managed to find 20 different apps containing the malware and reported them to Google. Since then, the apps known to contain HummingWhale have been removed by Google, but caution is still advised.

The apps containing HummingWhale included the likes of Whale Camera, Elephant Album, and Deep Cleaner. The identified apps generated millions of downloads before getting pulled from the Google Play Store. In order to check if your device has been infected and purge the infection if it has, a security and anti-malware app like Lookout or Avast should be your first choice. If these apps are unable to purge the malware from your system, a factory reset may be in order. Custom ROM users should probably wipe everything except their internal and external storage in their recovery of choice and reflash their ROM, GAPPS, kernel, and any mods to be on the safe side.

In its original form, HummingBad used a privilege escalation bug of sorts by packaging an APK as an app asset. When called, that asset would generate a virtual device and load a copy of a fraudulent app onto it, generating a unique referral ID and a bit of ad revenue. This happened each time a user closed an ad generated by the app, and as the virtual machine would disappear, users were left clueless about what happened. These virtual machines could also be used to leave fake Play Store ratings and use popularity fraud to silence hundreds of users outing the fake apps in their review sections. The exploit was only used to generate fraudulent ad revenue, but could easily have gained control of infected devices. HummingWhale is much the same, except it hides its malicious code from the Google Play Store and Google's on-device malware filters with a bit of clever code manipulation to do all the things that HummingBad's rootkit did.


Share this page

Copyright ©2017 Android Headlines. All Rights Reserved.

This post may contain affiliate links. See our privacy policy for more information.
Senior Staff Writer

Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, Voice assistants, AI technology development news in the Android world. Contact him at [email protected]

View Comments