Archives for Mobile Malware

New variant of HummingBad malware found inside more than 20 apps on Google Play infects millions

Researchers from Check Point have discovered a new variant of the HummingBad Android malware, dubbed HummingWhale, inside more than 20 Google Play apps. One of the infected apps on Google Play appears to have been downloaded more than a million times and had a good rating.

The new variant of HummingBad is very sophisticated: it uses a chain-attack tactic and a rootkit to gain full control over the infected device.

An earlier variant of HummingBad, discovered by Check Point during the first half of 2016, took 4th place in the ‘most prevalent malware globally’ list with over 72% of attacks.

“HummingWhale malware first raised suspicions when Check Point researchers analyzed one of the apps. It registered several events on boot, such as TIME_TICK, SCREEN_OFF and INSTALL_REFERRER which was dubious in that context. Code similarity inspection revealed that this was only one app out of a series of apps with a common name structure – com.XXXXXXX.camera (e.g. com.bird.sky.whale.camera, com.color.rainbow.camera, com.fishing.when.orangecamera),” as stated by Check Point.

The apps were uploaded under the names of fake Chinese developers; the actual developer is unknown. Researchers at Check Point were able to identify sixteen additional distinct package names. The suspicious apps contained a 1.3MB encrypted file, ‘assets/group.png’, and some were disguised as “file-explorer”. Identical strings and certificates were found in the new HummingWhale samples.

This new malware is an .apk that can run as an executable. The .apk acts as a dropper, used to download and execute additional apps, similar to the tactics employed by previous versions of HummingBad. However, this dropper goes much further: it uses an Android plugin called DroidPlugin, originally developed by Qihoo 360, to upload fraudulent apps on a virtual machine.

The infected device presents a fake login screen to the user. As soon as the user tries to close the ad, the downloaded app runs in a virtual machine and appears to be real. The malware uses this for ad monetization.

More details are available from Check Point.


Gooligan malware campaign steals more than 1 million Google accounts using Android phones – Check Point

Researchers from Check Point have identified malware dubbed Gooligan that has infected more than 1.3 million Android users globally. The Android-targeted malware campaign infects devices and steals authentication tokens, which are then used to access data from Google apps such as Google Play, Gmail, Google Photos, Google Docs, Google Drive and many others. The malware […]

Pokemon Go servers taken down by DDoS attack – OurMine claims credit

Pokemon Go was released two weeks back and is already making a name for itself all over the world. Last weekend Pokemon Go was targeted by a group of hackers named “OurMine”, who took the site down with a massive DDoS. Users might have had difficulty logging in to Pokemon Go, and the company displayed the message below. In a post by OurMine, the […]

Smartphone browsers can deliver powerful DDoS attack with 4.5 billion requests causing flood attack

One of the most malicious attacks that can ever be launched on a website is flooding it with more requests than it can handle, otherwise known as a DDoS. According to internet security researchers, this nightmare may have recently become a reality after one site was targeted in such a manner with an aim of overwhelming […]

Google Chrome can be crashed with 16 characters

If you use Google Chrome 45 or any of the older versions, it can be crashed by simply typing a 16-character URL. The bug was first detected by Andris Atteka, who reported it to Google, but he was not rewarded since it is not a security issue but a DoS vulnerability. The issue reported by […]

Elevation of Privilege Vulnerability Could Bypass “Screen Lock” of Android 5.0 (CVE-2015-3860)

UT Austin ISO (Information Security Office) has detected a bug in Android 5.x that allows hackers to bypass the locked screen of the phone and access the home screen or other functions of the phone. For the attack, however, the attacker must have physical access to the phone and the screen should […]

Android serialization vulnerability (CVE-2015-3825) gives super user status to an underprivileged user

IBM researchers have identified that more than 55% of Android users appear to be impacted by the Android serialization vulnerability, CVE-2015-3825. This basically means Android versions 4.3 and newer are vulnerable. An advanced attacker could exploit this vulnerability to give a malicious app with no or minimal privileges the ability to become a super […]

Android’s Certifi-Gate remote access security vulnerability exploited in the wild – Check Point

Last week Check Point discovered a Certifi-Gate-based vulnerability which could be used to take complete control of Android devices. This serious security vulnerability has left millions of Android devices vulnerable and exposed in the wild. The mRTS plugin allows malicious applications to gain privileged access rights, even if your device is not rooted. The vulnerability is in the authorization […]

Remote Code Execution vulnerability on Google store allows hackers to remotely install malware apps on your Android device

Researchers from Metasploit have discovered a major flaw on devices running Android 4.3 (Jelly Bean) and prior versions, which no longer receive official security updates for WebView from the Android security team. WebView is one of the core components of the Google store. Attackers can easily install the malware app and perform malicious actions. Due to a lack […]

Adware found in Google Play apps infects millions of Android users

Malware on Android is not new anymore, but this time adware has taken over Google Play with approximately 10 million downloads. Avast researchers have identified three apps that might have millions of downloads. The apps identified are the “Durak card game app”, the “IQ Test” app and the “Russian History” app, from three different developers performing the same […]