HummingWhale Malware Found on Google Play Store

There’s a new malware that has been found on the Google Play Store, no root required.

A new variant of the HummingBad malware, going by the name HummingWhale, has been found on the Google Play Store. Check Point states that they have so far found the malware on 20 apps within the official store.

The malware has been uploaded to the Google Play Store utilizing fake Chinese developer names. Attackers have been able to bypass Google Play’s security measures through a pretty ingenious method. The malware utilizes an android plugin, which allows the malware to download and install further apps onto the device, however, it uploads these apps to virtual machine. By loading these apps onto a virtual machine, the malware does not have to gain root access to the actual device, and this malicious activity is not recognized by Google Play.

What is in it for the attackers? Income. As yet, the malware is currently installing other apps, generating increased number of app installs, as well as generating fake ratings and comments on those apps. Add fraudulent ad activity to the malware and this could prove to be quite profitable to the attackers.

We can count on one thing in the mobile tech world, and that is the truth that attackers shall not sat idle when there are opportunities for illegal gain. In this world where new attacks arrive with regularity, I will only trust my most important device from a company which places security as their top offering and that company is BlackBerry.

 

Source

Brad

BlackBerry Elite Founder & Owner of UTB Blogs and UTB Geek. When I'm not talking or writing about BlackBerry, you'll find me using my BlackBerry.

  • leverspro

    I’m finding the articles on malware and security interesting. This malware is able to download apps without needing permissions normally needed for an app to come onto a phone? So, it’s that first malware app that automates this that needed permission before it was loaded? Or can this happen just by clicking on the wrong link in a browser?

  • Excellent read! Very well done! Will probably share this when people ask me about privacy or security!

Top