Android devices hit by 'cutting edge' malware attack

New variant of HummingBad software from 2016 reportedly found in 20 apps on Google Play store

A picture taken on September 21, 2016 shows a statue donated by Google during its inaugurationin Montelimar, as Google decided to launch a new version of the android operating system called A
(Image credit: AFP/Getty Images)

Android devices have been hit by a severe malware attack that may have been downloaded by "several million unsuspected victims".

According to Check Point Software Technologies, more than 20 apps on the Google Play store were found to contain the malicious software, believed to a be a variant of the "HummingBad" malware that affected around ten million Android users in 2016.

Dubbed "HummingWhale", the new attack used "cutting edge techniques that allow it to perform ad fraud better than ever before", says the site, adding that contaminated apps used "fraudulent ratings" to raise their reputation on the store.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE
https://cdn.mos.cms.futurecdn.net/flexiimages/jacafc5zvs1692883516.jpg

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

Apps were uploaded under the names of "fake Chinese developers" and contained a "suspiciously large" encrypted file, which was the same as those found in the old HummingBad software. Google has since removed the contaminated apps, Check Points adds.

HummingWhale generated revenue by "displaying fraudulent ads" which, once opened, installed apps without the user's permission, says ArsTechnica. These apps would then "run in a virtual machine" to "generate referral revenues".

While last year's HummingBad malware was not a "catastrophic attack", it did pose a "higher risk" for devices running older software versions, says The Guardian. It could open an access passage into the device that allowed user data to be sold on the "black market".

Continue reading for free

We hope you're enjoying The Week's refreshingly open-minded journalism.

Subscribed to The Week? Register your account with the same email as your subscription.