HummingWhale: Android malware blows through millions of devices

Security firm CheckPoint has let off a warning about Android malware called HummingWhale that it says was hidden inside 20 apps and could have been downloaded millions of times.

HummingWhale is a variant of HummingGad, which was as bad as its name suggests. HummingWhale is a much more sophisticated thing that the earlier one, and uses its control and command centre to basically kill your phone through shitty fake apps and ads.

CheckPoint gave the warning about Hummingbird last year. That version presented itself within very legitimate applications on the Google Play store, and the security company estimated that perhaps as many as 10 million people have been affected. It also identified the culprits as a Chinese hacking outfit called Yingmob. "HummingBad stands out as an extremely sophisticated and well-developed malware, which employed a chain-attack tactic and a rootkit to gain full control over the infected device" explains the firm.

"The malware was spread through third-party app stores and affected over 10 million victims, rooting thousands of devices each day and generating at least $300,000 per month. HummingBad was so widespread that in the first half of 2016 it reached fourth place in ‘the most prevalent malware globally' list, and dominated the mobile threat landscape with over 72 per cent of attacks."

If you were infected with HummingBad you had few options. If your phone was not just a crappy block of shiny metal you might have been abe to perform a factory reset on it. This option is always considered a last resort for the great un-backed up. The Whale probably earns its name because it has already clocked up "millions" of infections. Fret not though gang, because Google has already done the right thing and taken the problem apps away from the store.

CheckPoint does not think that the same gang is behind the attack, but it is convinced that they were informed by the prior malware. A number of elements are shared, and of course, the methods and the means are the same. "This is a prime example of malware developers learning from each other, as tactics that were introduced by one of them are quickly adopted by others," added the firm. "The fraudulent ratings left by such malware is another reminder that users cannot rely on Google Play for protection, and must apply further, more advanced means of security".