HummingWhale malware is an updated HummingBad virus that targets Android users only
Questions about HummingWhale virus
HummingWhale virus is an improved version of the infamous HummingBad malware. It is an Android virus, which managed to compromise more than 10 million Android devices in 2016. It appears that this Android malware has made a comeback with more than 20 malicious apps on Google Play Store. According to Check Point’s analysis, this well-made malware predecessor used chain-attack tactics and set up a rootkit on the device to gain full control of it. However, HummingBad was evolved, and in 2017, the gang called Yingmob, which is responsible for these malicious attacks against Android users, released updated malware samples. All of the malicious programs pretend to be applications that have something to do with Android’s camera and are uploaded to the Google Play Store by fake Chinese developers. Here are some examples of malicious programs that contain HummingWhale Trojan:
Whale Camera, Smile Camera, Swan Camera, Coco Camera, Sweet Camera, Ice Camera, Happy Camera, Hot Camera, Shell Camera, Rainbow Camera, HiPorn, Light VPN-Fast, Safe, Free, Beauty Camera, File Master, and more.
Victims who have installed any of these malware samples typically leave one-star complaints on Google Store, saying that the program is worthless and closes right after opening it. Research shows that these programs tend to register some events on boot, including TIME_TICK, INSTALL_REFERRER, and SCREEN_OFF. Every malicious application has a huge 1.3MB file named assets/group.png, which was encrypted. What is more, these applications contain a group.png file, which is actually a .apk file, which means it is a file that can be executed as a program. Exactly this file carries a malicious payload and works as a malware installer. It is capable of installing additional malware to the device without even asking user’s permission. It uses a plugin known as DroidPlugin to upload downloaded applications on a virtual machine, which allows criminals to install many applications without making the compromised device lag. There is also a Command and Control center associated with the malware, which delivers bogus sponsored content and malicious applications. Everytime the victim attempts to close the ad, the malware transfers the additional application to the virtual machine. An unreal referrer ID is then generated, and this way culprits manage to generate revenue without hassle. This highly sophisticated malware sample hides its presence completely, helping its authors make large sums of money without being caught. It goes without saying that HummingWhale removal is a must-do task, and it should be done with the help of a strong anti-malware program that is compatible with Android. We highly suggest you remove HummingWhale malware using the Malwarebytes software.
How did I get infected with this Android virus?
As we have already mentioned, you can infect your device with this Android virus simply by downloading a malicious app from Google Play Store. Although the indicated store was already warned about this malware and took off all malicious apps from the store, it doesn’t mean that hackers won’t improve the malware in the future. It is known that culprits forged good reviews for these applications to trick unsuspecting victims into installing them. Therefore, it simply means that you should look for more information before installing anything to your device.
How can I remove HummingWhale malware from my Android device?
In this part, you can find a detailed HummingWhale removal tutorial. Keep in mind that you might need to factory reset your device in order to entirely get rid of HummingWhale virus. If you are ready to remove HummingWhale malware, follow these steps:
- Restart your Android in Safe mode. Hold down the power button continuously until the “Turn off” button appears on your screen. Press and hold it until a message suggesting to restart in Safe Mode appears. Agree by clicking OK.
- If your device shows “Safe Mode” on the left side of the screen, it means you completed the first step correctly. Go to Settings, then to Applications and finally to Installed Apps section. Here, find and uninstall ALL suspicious applications.
- To uninstall malicious apps, do the following: Tap on it, then select Clear Cache, then Clear Data, and finally the Uninstall button.
- Reboot your device to turn the Safe Mode off then.
You can completely clean your device by applying a Factory Reset technique. Remember that this will remove all information from your phone, including apps, changes in settings, contacts, photos, music, videos, and all files in general. To perform the Factory Reset, do the following:
- Go to Settings.
- In the Personal section, click on Backup & reset. If the device asks, enter your PIN or password.
- Locate the Factory data reset button, which you can find in Personal Data section. Click Reset phone.
- Select Erase everything.
- Reboot your Android device.