Dubbed HummingWhale by security vendor Check Point, the malware was uploaded to Google Play using fake Chinese developer names.
A new variant of the advanced Android HummingBad malware has spread to apps in the Google Play store, security researchers have found.
HummingWhale also copies the Gooligan malware tactic of using fake ratings and comments to raise its reputation on Google Play.
The latter tactic allows HummingWhale to infiltrate Google Play, Check Point said.
HummingWhale utilises what Check Point said are cutting-edge techniques to conduct ad fraud to generate revenue for its developers.
Gooligan, a family of Android malware that came to light in November after it compromised more than 1 million Google accounts, contained similar abilities to tamper with Google Play ratings.
Until now, Android malware that wanted advanced capabilities typically had to trick users into approving sometimes scary-sounding permissions or exploit rooting vulnerabilities.
A virulent family of malware that infected more than 10 million Android devices last year has made a comeback, this time hiding inside Google Play apps that have been downloaded by as many as 12 million unsuspecting users.
Google officials removed the malicious apps from the Play market after receiving a private report of their existence.
A separate app from Check Point competitor Lookout also detects the threat as a variant of the Shedun malware family.
HummingBad malware returns; new variant hides in Google Play apps
The HummingBad malware is back with a new variant, named “HummingWhale,” which has been found in more than 20 apps on Google Play.
The fraudulent ratings left by the malware are a reminder to users not to trust Google Play for protection.
The malware-infected apps were downloaded several million times by users, and researchers from security company Check Point discovered the malware and notified the Google security team about the apps, which have since been removed from the Google Play store.
Check Point first discovered HummingBad in February 2016, when it employed a chain-attack tactic and rootkit to gain control over infected Android devices, according to him.
Overall, the malware’s method uses tactics such as installing apps without gaining permission, disguising the malicious activity, which allows it to infiltrate Google Play, and installing an infinite number of fraudulent apps without overloading the device, wrote Koriat.
This content may collect you by Lily Jack