HummingWhale malware is an updated HummingBad virus that targets Android users only
Questions about HummingWhale virus
HummingWhale virus is an improved version of the infamous HummingBad malware. It is an Android virus, which managed to compromise more than 10 million Android devices in 2016. It appears that this Android malware has made a comeback with more than 20 malicious apps on Google Play Store. According to Check Point’s analysis, this well-made malware predecessor used chain-attack tactics and set up a rootkit on the device to gain full control of it. However, HummingBad was evolved, and in 2017, the gang called Yingmob, which is responsible for these malicious attacks against Android users, released updated malware samples. All of the malicious programs pretend to be applications that have something to do with Android’s camera and are uploaded to the Google Play Store by fake Chinese developers. Here are some examples of malicious programs that contain HummingWhale Trojan:
Whale Camera, Smile Camera, Swan Camera, Coco Camera, Sweet Camera, Ice Camera, Happy Camera, Hot Camera, Shell Camera, Rainbow Camera, HiPorn, Light VPN-Fast, Safe, Free, Beauty Camera, File Master, and more.
There were more than 20 malicious apps on Google Play Store that contained HummingWhale malware.
Victims who have installed any of these malware samples typically leave one-star complaints on Google Store, saying that the program is worthless and closes right after opening it. Research shows that these programs tend to register some events on boot, including TIME_TICK, INSTALL_REFERRER, and SCREEN_OFF. Every malicious application has a huge 1.3MB file named assets/group.png, which was encrypted. What is more, these applications contain a group.png file, which is actually a .apk file, which means it is a file that can be executed as a program. Exactly this file carries a malicious payload and works as a malware installer. It is capable of installing additional malware to the device without even asking user’s permission. It uses a plugin known as DroidPlugin to upload downloaded applications on a virtual machine, which allows criminals to install many applications without making the compromised device lag. There is also a Command and Control center associated with the malware, which delivers bogus sponsored content and malicious applications. Everytime the victim attempts to close the ad, the malware transfers the additional application to the virtual machine. An unreal referrer ID is then generated, and this way culprits manage to generate revenue without hassle. This highly sophisticated malware sample hides its presence completely, helping its authors make large sums of money without being caught. It goes without saying that HummingWhale removal is a must-do task, and it should be done with the help of a strong anti-malware program that is compatible with Android. We highly suggest you remove HummingWhale malware using the SpyHunter 5Combo Cleaner software.
How did I get infected with this Android virus?
As we have already mentioned, you can infect your device with this Android virus simply by downloading a malicious app from Google Play Store. Although the indicated store was already warned about this malware and took off all malicious apps from the store, it doesn’t mean that hackers won’t improve the malware in the future. It is known that culprits forged good reviews for these applications to trick unsuspecting victims into installing them. Therefore, it simply means that you should look for more information before installing anything to your device.
How can I remove HummingWhale malware from my Android device?
In this part, you can find a detailed HummingWhale removal tutorial. Keep in mind that you might need to factory reset your device in order to entirely get rid of HummingWhale virus. If you are ready to remove HummingWhale malware, follow these steps:
- Restart your Android in Safe mode. Hold down the power button continuously until the “Turn off” button appears on your screen. Press and hold it until a message suggesting to restart in Safe Mode appears. Agree by clicking OK.
- If your device shows “Safe Mode” on the left side of the screen, it means you completed the first step correctly. Go to Settings, then to Applications and finally to Installed Apps section. Here, find and uninstall ALL suspicious applications.
- To uninstall malicious apps, do the following: Tap on it, then select Clear Cache, then Clear Data, and finally the Uninstall button.
- Reboot your device to turn the Safe Mode off then.
You can completely clean your device by applying a Factory Reset technique. Remember that this will remove all information from your phone, including apps, changes in settings, contacts, photos, music, videos, and all files in general. To perform the Factory Reset, do the following:
- Go to Settings.
- In the Personal section, click on Backup & reset. If the device asks, enter your PIN or password.
- Locate the Factory data reset button, which you can find in Personal Data section. Click Reset phone.
- Select Erase everything.
- Reboot your Android device.
Access your website securely from any location
When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. It is a hassle when your website is protected from suspicious connections and unauthorized IP addresses.
The best solution for creating a tighter network could be a dedicated/fixed IP address. If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for server or network manager that need to monitor connections and activities. This is how you bypass some of the authentications factors and can remotely use your banking accounts without triggering suspicious with each login.
VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world. It is better to clock the access to your website from different IP addresses. So you can keep the project safe and secure when you have the dedicated IP address VPN and protected access to the content management system.
Backup files for the later use, in case of the malware attack
Computer users can suffer various losses due to cyber infections or their own faulty doings. Software issues created by malware or direct data loss due to encryption can lead to problems with your device or permanent damage. When you have proper up-to-date backups, you can easily recover after such an incident and get back to work.
It is crucial to create updates to your backups after any changes on the device, so you can get back to the point you were working on when malware changes anything or issues with the device causes data or performance corruption. Rely on such behavior and make file backup your daily or weekly habit.
When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware occurs out of nowhere. Use Data Recovery Pro for the system restoring purpose.