HummingBad is a malware packaged into a number of Android apps that were found on Google Play Store. Proliferating through around 85 million devices worldwide, it was confirmed to be present in 46 new applications. Of those, 20 had even made their way into the official Play Store, bypassing Google’s security methods.
HummingBad is, no doubt, the biggest player in Android malware today, accounting for 72% of all mobile security breaches, according to “Check Point”, an Israeli security company.
This malware is cashing in an estimated $300,000 per month for its creators – the main suspect being an advertising company from China. It was first detected a year ago and it operates by downloading and installing apps and clicking on ads.
The Check Point company had identified Yingmob, an advertising firm from China, as the most likely source behind both HummingBad (Android) and YiSpecter (iOS) malware families. These are now found in more than 200 apps.
After the discovery of yet another new version called HummingWhale, Google has removed the infected apps. All of the apps were uploaded under the names of fake Chinese developers. You’ll want to check any recent camera app downloads from the Play Store, and make sure they’re not on the list of infected apps:
- com.bird.sky.whalecamera – Whale Camera
- com.op.blinkingcamera – Blinking Camera
- com.fishing.when.orangecamera – Orange Camera
- com.note.ocean.camera – Ocean camera
- io.zhuozhuo.snail.android_snails -蜗牛手游加速器-专业的vpn，解决手游卡顿延迟问题
- com.cm.hiporn – HiPorn
- com.family.cleaner – Cleaner: Safe and Fast
- com.wall.fast.cleaner – Fast Cleaner
- com.blue.deep.cleaner – Deep Cleaner
- com.color.rainbow.camera – Rainbow Camera
- com.ogteam.love.flashlight – com.qti.atfwd.core
- com.wall.good.clevercamera – Clever Camera
- com.well.hot.cleaner – Hot Cleaner
- com.op.smart.albums – SmartAlbums
- com.tree.tiny.cleaner – Tiny Cleaner
- com.speed.top – Topspeed Test2
- com.fish.when.orangecamera – Orange Camera
- com.flappy.game.cat – FlappyCat
- com.just.parrot.album – com.qti.atfwd.core
- com.ogteam.elephanta.album – Elephant Album
- gorer – File Explorer
- com.with.swan.camera – Swan Camera
- com.touch.smile.camera – Smile Camera
- com.air.cra.wars – com.qti.atfwd.core
- com.room.wow.camera – Wow Camera-Beauty，Collage，Edit
- com.start.super.speedtest – com.qti.atfwd.core
- com.best.shell.camera – Shell Camera
- com.ogteam.birds.album – com.qti.atfwd.core
- com.tec.file.master – File Master
- com.bird.sky.whale.camera – Whale Camera
- cm.com.hipornv2 – HiPorn
- com.wind.coco.camera – Coco Camera
- global.fm.filesexplorer – file explorer
- com.filter.sweet.camera – Sweet Camera
- com.op.blinking.camera – Blinking Camera
- com.mag.art.camera – Art camera
- com.cool.ice.camera – Ice Camera
- com.group.hotcamera – Hot Camera
- com.more.light.vpn – Light VPN-Fast, Safe,Free
- com.win.paper.gcamera – Beauty Camera
- com.bunny.h5game.parkour – Easter Rush
- com.fun.happy.camera- Happy Camera
- com.like.coral.album – com.qti.atfwd.core
- com.use.clever.camera – Clever Camera
- com.wall.good.clever.camera – Clever Camera
What does HummingBad’s new sibling do?
In short, it allows hackers to turn your smartphone into a remote money-making machine by installing other fraudulent apps on your device almost automatically. HummingWhale’s new feature is uploading fraudulent apps on a virtual machine. It can install a ton of fraudulent apps without overloading the machine.
The other bad thing is that HummingWhale also uses bogus rating and fake comments to legitimize the profile on its family of apps (Just like the Gooligan and CallJam malware). This is a good example of malware developers learning from each other, adopting successful tactics from one another. It’s also a reminder for smart device users to NOT rely on Google Play or any of their proprietors security solutions – always apply further protection measures.