New variant of HummingBad malware found inside more than 20 apps on Google Play infects millions
Researchers from Check Point have discovered an Android malware dubbed HummingWhale, a new variant of HummingBad, inside more than 20 Google Play apps. One of the infected apps on Google Play appears to have been downloaded more than a million times and had a good rating.
The new variant of HummingBad is very sophisticated: it uses a chain-attack tactic and a rootkit to gain full control over the infected device.
The earlier variant of HummingBad, discovered by Check Point during the first half of 2016, took 4th place in the 'most prevalent malware globally' list, with over 72% of attacks.
As stated by Check Point: "HummingWhale malware first raised suspicions when Check Point researchers analyzed one of the apps. It registered several events on boot, such as TIME_TICK, SCREEN_OFF and INSTALL_REFERRER which was dubious in that context. Code similarity inspection revealed that this was only one app out of a series of apps with a common name structure – com.XXXXXXX.camera (e.g. com.bird.sky.whale.camera, com.color.rainbow.camera, com.fishing.when.orangecamera)."
The apps were uploaded under the names of fake Chinese developers, and the actual developer is unknown. Researchers at Check Point were able to identify sixteen additional distinct package names. The suspicious apps contained a 1.3MB encrypted file, 'assets/group.png', and some were disguised as "file-explorer". Identical strings and certificates were found in new samples of HummingWhale.
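The static indicators described above (the com.…camera naming structure, a large 'assets/group.png' that is not really an image, and the three broadcast actions) can be checked together when triaging an APK. The following is an added example, not Check Point's tooling: the function names, the full Android action strings and the sample archive are assumptions made here, and it generalizes the asset check to any .png under assets/ that lacks the PNG signature.

```python
import io
import re
import zipfile

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# Naming structure from the article: com.<...>camera (assumed regex form).
PKG_PATTERN = re.compile(r"^com\.[\w.]*camera$")
# Full action names for the events named in the article (assumed mapping).
ACTIONS = (
    "android.intent.action.TIME_TICK",
    "android.intent.action.SCREEN_OFF",
    "com.android.vending.INSTALL_REFERRER",
)

def triage_apk(apk_bytes, package_name):
    """Return which of the article's static indicators appear in one APK.

    Heuristic only: each indicator also occurs in benign apps, so the
    result is a reason to look closer, not a verdict.
    """
    report = {"package_match": bool(PKG_PATTERN.match(package_name)),
              "fake_pngs": [], "actions": []}
    code = b""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            name = info.filename
            if name.startswith("assets/") and name.lower().endswith(".png"):
                # A real PNG starts with the 8-byte signature; an encrypted
                # payload renamed to .png does not.
                with apk.open(info) as fh:
                    if fh.read(8) != PNG_MAGIC:
                        report["fake_pngs"].append((name, info.file_size))
            elif name == "AndroidManifest.xml" or re.fullmatch(r"classes\d*\.dex", name):
                code += apk.read(info)
    # Binary manifests store strings as UTF-8 or UTF-16LE; dex strings are
    # ASCII-compatible. A raw byte search covers both without a full parser.
    for action in ACTIONS:
        if action.encode("utf-8") in code or action.encode("utf-16-le") in code:
            report["actions"].append(action)
    return report

def build_sample(asset, manifest):
    """Build a constructed, in-memory stand-in for an APK (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", manifest)
        z.writestr("assets/group.png", asset)
    return buf.getvalue()
```

All three indicators together on one sample are what made the original app stand out; any single one, especially INSTALL_REFERRER, is common in legitimate apps.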
This new malware is an .apk that can run as an executable. The .apk acts as a dropper, used to download and execute additional apps, similar to the tactics employed by previous versions of HummingBad. However, this dropper goes much further: it uses an Android plugin called DroidPlugin, originally developed by Qihoo 360, to upload fraudulent apps on a virtual machine.
The infected device presents a fake login screen to the user. As soon as the user tries to close the ad, the downloaded app runs in a virtual machine and appears to be real. The malware uses this for ad monetization.
More is available at Check Point.