Skip to main content

Android HummingBad Malware Back, Now Called HummingWhale

By February 14, 2017March 1st, 2023Cybersecurity

It is an article of faith that Google’s Play Store and Apple’s iStore are the two safest sources for downloading apps. As good as their security routines are, however, they’re not perfect, and sometimes, things slip through the cracks.

The world got a painful reminder of their fallibility last year when a group of hackers managed to infect millions of Android devices by successfully dodging Google’s security and uploading poisoned versions of popular apps with a malware program called “Hummingbad.”

At peak infection, the Hummingbad app was generating more than $300,000 a month in profits for the hackers.

Once Google was made aware of the issue, it pounced and began the work of identifying the poisoned apps and cleaning up the Play Store to make it safe again.

That worked, but only for a while. The hackers are back with a new and improved version, dubbed “Hummingwhale,” which utilizes cutting edge technology and coding techniques to make it even harder to spot and stop.

As before, they’ve managed to get around the Play Store’s normally robust security and get the apps where they can be downloaded by the consuming public. Once again, the money is rolling in as millions of users are now re-infected.

Google is again moving swiftly and decisively to shut this latest strain down, but the trend is impossible to ignore. The hackers are relentless, and their attacks are increasing in complexity and sophistication with each passing year.

One thing we can be sure of is this: even if you and your employees managed to avoid getting infected by Hummingwhale, there’s always a new threat on the horizon, and it’s only a matter of time before someone in your organization gets careless and winds up infecting one of the devices they use to connect to your business network. With luck, it will only display a few annoying ads, but as you know, it could be very much worse than that.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.