About mobilesecurity

Website: https://www.mobilesecuritythreat.com//
mobilesecurity has written 28 articles so far, you can find them below.

New variant of HummingBad malware found inside more than 20 apps on Google Play infects millions

Researchers from Check Point have discovered a new variant of the HummingBad Android malware, dubbed HummingWhale, inside more than 20 Google Play apps. One of the infected apps on Google Play, which had a good rating, appears to have been downloaded more than a million times.

The new variant of HummingBad is very sophisticated: it uses a chain-attack tactic and a rootkit to gain full control over the infected device.

An earlier variant of HummingBad, discovered by Check Point during the first half of 2016, took 4th place in the ‘most prevalent malware globally’ list with over 72% of attacks.

As stated by Check Point: “HummingWhale malware first raised suspicions when Check Point researchers analyzed one of the apps. It registered several events on boot, such as TIME_TICK, SCREEN_OFF and INSTALL_REFERRER which was dubious in that context. Code similarity inspection revealed that this was only one app out of a series of apps with a common name structure – com.XXXXXXX.camera (e.g. com.bird.sky.whale.camera, com.color.rainbow.camera, com.fishing.when.orangecamera).”

The apps were uploaded under the names of fake Chinese developers; the actual developer is unknown. Researchers at Check Point were able to identify sixteen additional distinct package names. The suspicious apps contained a 1.3MB encrypted file, ‘assets/group.png’, and some were disguised as “file-explorer”. Identical strings and certificates were found in new samples of HummingWhale.

This new malware is an .apk that can run as an executable. The .apk acts as a dropper, used to download and execute additional apps, similar to the tactics employed by previous versions of HummingBad. However, this dropper goes much further: it uses an Android plugin called DroidPlugin, originally developed by Qihoo 360, to upload fraudulent apps on a virtual machine.

The infected device presents a fake login screen to the user. As soon as the user tries to close the ad, the downloaded app runs in a virtual machine and appears to be real. The malware uses this for ad monetization.

More is available at Check Point.


Android.BankBot.149.origin – First Android banking trojan of 2017 can download apps and install itself

The first Android banker malware of 2017 (Android.BankBot.149.origin) is already out and its source code has been put on the web. This Android malware can steal users’ banking information and send it to CnC servers. The source code being available on the web also means more variants of this malware will be seen in the wild very […]

“Doxware”- Evolution of Ransomware, a new form of malware threat for 2017

As security controls and defense measures for computer systems become more sophisticated, cyber criminals have stayed one step ahead in the world of ransomware. The most profitable ransomware attacks have taken a leap with doxing. What is Doxware? “Ransomware is the art of encrypting data on a network, users PC or Mac and asking for […]

First Mac malware of 2017, Quimitchin/Fruitfly, was discovered targeting biomedical research centers

Security researchers from Malwarebytes have identified strange traffic originating from a Mac. The unusual traffic was noticed by IT admins and, when investigated, led to espionage malware described as Quimitchin (Apple calls it ‘Fruitfly’). The malware appears to have existed undetected for quite a long time. One of the timestamp […]

Gooligan malware campaign steals more than 1 million Google accounts using Android phones – Check Point

Researchers from Check Point have identified that malware dubbed Gooligan has infected more than 1.3 million Android users globally. The Android-targeted malware campaign infects devices and steals authentication tokens, which are then used to access data from Google apps such as Google Play, Gmail, Google Photos, Google Docs, Google Drive and many others. The malware […]

Approx. 68 million Dropbox accounts available to download by anyone worldwide

During the month of August, Motherboard, a prominent online magazine, released a report that more than 60 million account details were stolen from the cloud storage provider Dropbox. However, approx. 68 million Dropbox accounts are now available to download by anyone. (Exact number as published on ibtimes: 68,680,741 accounts.) During the month of September, […]

Akamai’s incapability to protect dupes its customer after massive DDoS attack; Google anti-DDoS protection to the rescue of KrebsOnSecurity

Last week KrebsOnSecurity.com was targeted by a massive 620Gbps DDoS (Distributed Denial of Service) attack and Krebs had to take his site down for days. The decision to take the site down was made after Akamai (aka Prolexic) decided that the pro bono service they were offering was costing them and their customers millions and […]

WhatsApp, aka Facebook, was sued in India by two college students due to concerns over privacy

After the recent changes to the privacy policy on WhatsApp, people around the world feel betrayed by Facebook’s decision. To challenge this, two students from India have filed a legal challenge against Facebook to roll back the changes to the WhatsApp policy, which is threatening the rights of millions of users in India. The […]

Steps to change your WhatsApp settings before Facebook begins sharing data – Android & iPhone

From the first time you see the privacy policy update screen on WhatsApp (both iPhone & Android phones), you have 30 days to click through and agree or not agree to Facebook using your WhatsApp data to suggest friends and serve ads, hampering your experience. We highly recommend following the steps below to help prevent privacy invasion by […]

WhatsApp, which is now Facebook, backstabs its users by sharing users’ data

It was only a matter of time before Facebook made its move to share data between the WhatsApp app and Facebook after the acquisition. Facebook is known to invade its users’ privacy with a claim of openness by its CEO Mark Zuckerberg, and it did it again last week to monetize as much as possible with a decision to […]