Published On: Wed, Jan 25th, 2017

Chinese Ad Company That Turned Out to Be a Cyber Crime Group Is Back with “a Whale of a Tale”

Security researchers have detected a new variant of the HummingBad Android malware, first detected in early 2016, hidden in over 20 different apps on Google Play. HummingBad was an extremely sophisticated malware, employing a chain-attack tactic and a rootkit to gain full control of an infected device. Spreading through third-party app stores, HummingBad had managed to infect over 10 million devices, generating at least $300,000 a month in ad fraud.

Back last summer, Check Point had suggested that the Chinese ad company Yingmob – which claimed to offer ad support, including text, images, and video ads – was actually a cyber crime group. The company managed to get control of over 85 million devices, earning the group $300K/month in fake ad revenue.

While the malware was believed to be a problem of third-party stores, researchers found that it has finally found its way to Google Play. In 2016, HummingBad was considered the “most prevalent malware globally,” dominating the mobile threat landscape with over 72% of attacks.

It is no surprise, then, that researchers and Android users are worried about what havoc a new variant of HummingBad would wreak in Google Play. Don’t worry, though. Google removed the apps after the folks at Check Point disclosed the issue to the company. But before that happened, the vicious malware was downloaded over a few million times!

Android malware HummingBad becomes HummingWhale

“It was probably only a matter of time before HummingBad evolved and made its way onto Google Play again,” Oren Koriat, Mobile Cyber Security Analyst at Check Point, wrote in a blog post. He added that the infected apps in this most recent campaign on Google Play “were downloaded several million times by unsuspecting users.”

Once a user downloads the malicious app, the APK operates as a dropper, downloading several additional apps. “This dropper went much further. It uses an Android plugin called DroidPlugin, originally developed by Qihoo 360, to upload fake apps on a virtual machine,” CP wrote.

DroidPlugin is used by developers to reduce APK sizes and run multiple instances of apps on the same device. But in the case of “HummingWhale”, fraudsters were using DroidPlugin to upload the malicious app on a virtual machine to generate fake referrer IDs.

“First, the command and control server provides fake ads and apps to the installed malware, which presents them to the user. Once the user tries to close the ad, the app, which was already downloaded by the malware, is uploaded to the virtual machine and run as if it is a real device. This action generates a fake referrer ID, which the malware uses to generate revenue for the perpetrators,” the research team explained.
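The dropper behaviour described above leaves two static traces a defender can check for: the DroidPlugin framework inside the app's DEX code, and further APKs carried inside the package. The following is an added triage example, not code from Check Point or from this article; it assumes DroidPlugin classes sit under the package path `com/morgoo/droidplugin`, and the sample APK it builds is constructed for illustration.

```python
import io
import zipfile

# Assumption: DroidPlugin's classes live under this package, so the path
# shows up in DEX type descriptors of any app that bundles the framework.
DROIDPLUGIN_MARKER = b"com/morgoo/droidplugin"
APK_MEMBERS = {"AndroidManifest.xml", "classes.dex"}


def is_nested_apk(data: bytes) -> bool:
    """True if a blob is itself a ZIP that carries APK-defining members."""
    if not data.startswith(b"PK\x03\x04"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as inner:
            return bool(APK_MEMBERS & set(inner.namelist()))
    except zipfile.BadZipFile:
        return False


def triage_apk(apk_bytes: bytes) -> dict:
    """Collect static indicators of a dropper that hosts apps in a plugin VM."""
    report = {"droidplugin_dex": [], "nested_apks": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            data = apk.read(info)
            if info.filename.endswith(".dex") and DROIDPLUGIN_MARKER in data:
                report["droidplugin_dex"].append(info.filename)
            elif is_nested_apk(data):
                report["nested_apks"].append(info.filename)
    # Either trace alone is common in legitimate apps; flag only the pair.
    report["suspicious"] = bool(report["droidplugin_dex"] and report["nested_apks"])
    return report


def build_sample(with_plugin: bool, with_payload: bool) -> bytes:
    """Constructed test input: a minimal ZIP shaped like an APK."""
    payload = io.BytesIO()
    with zipfile.ZipFile(payload, "w") as z:
        z.writestr("AndroidManifest.xml", b"constructed")
    marker = b"Lcom/morgoo/droidplugin/Constructed;" if with_plugin else b""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as z:
        z.writestr("AndroidManifest.xml", b"constructed")
        z.writestr("classes.dex", b"dex\n035\x00" + marker)
        if with_payload:
            z.writestr("assets/update.bin", payload.getvalue())
    return out.getvalue()
```

A hit is a reason to look closer, not a verdict, since DroidPlugin has legitimate uses; a payload that is encrypted or fetched only at runtime will not match the nested-archive check, so a clean result is inconclusive.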

While Google has now removed all the malicious apps from Google Play, it is unclear whether the malware can still bypass the security checks put up by the store.

Uses cutting edge techniques…

This new variant, which the security experts are calling “HummingWhale,” includes new, cutting edge techniques that allow it to perform ad fraud better than ever before.

The security firm says that the latest strain of HummingBad is more sophisticated than its predecessor, as it can install apps without getting elevated permissions; it can disguise malicious activity, which is how it can infiltrate Google Play; HummingWhale can also install an infinite number of fake apps without overloading the device, and it can hide the original app after installation.

To boost its chances of being downloaded, HummingWhale also tries to raise its reputation in Google Play using fake ratings and comments. The HummingWhale Android malware can also be used to download and execute other apps.

So, a long list of capabilities. Let’s hope this ad company finally bites the dust and never shows up again. But, looking at how quickly this latest Android malware has managed to evolve, it looks very likely that we will be hearing about another of its variants very soon.

For more: A Whale of a Tale: HummingBad Returns

– Thanks for the tip, Jesse.
