HummingWhale: Dangerous new malware infects millions of Android phones


Millions of Android smartphone users have been duped into downloading a new “cutting edge” malware.

The malware, called HummingWhale, is capable of taking control of your smartphone in order to generate millions of dollars in fraudulent advertising revenue, known as “click fraud”.

It was discovered by security firm Check Point, who has warned this latest version of malware is even more dangerous and prevalent than the HummingBad malware that was discovered last year.

“This new variant, dubbed HummingWhale, includes new, cutting edge techniques that allow it to perform ad fraud better than ever before,” Check Point warned.

The HummingBad malware first appeared last year and was linked to Chinese cyber criminals who were estimated to be generating more than a million dollars a month in ad revenue by forcing users to click on ads from their infected smartphones and tablets.

However, unlike HummingBad, which was spread among Android users downloading apps from third party app sites, the new version HummingWhale has been found in at least 20 apps that were available to download from the Google Play Store.

HummingWhale Camera app

Some of the infected apps include Whale Camera, Light VPN-Fast, Safe,Free, Hi Porn and File Explorer.

All of the apps had been uploaded to Google Play using accounts from fake Chinese app developers, Check Point said.

What also makes HummingWhale more dangerous than its predecessor is that the malware can install apps onto your phone without your permission, hiding the app after your device has been infected, making it even harder for you to detect it.

“It allows the malware to install apps without gaining elevated permissions first, then disguises the malicious activity, which allows it to infiltrate Google Play. It also allows the malware to let go of its embedded rootkit since it can achieve the same effect even without it. It can install an infinite number of fraudulent apps without overloading the device.”

If you are worried your device may have been infected with HummingWhale you can use Check Point’s virus scanning can confirm if your device is infected.

Security experts recommend that people whose smartphones have been infected with HummingWhale to perform a factory reset and be extra careful when reinstalling apps, only making sure apps are from trusted developers.


Comments are closed.