Forwarded from Free網絡信息自由門 (纯事件为主的翻墙free公益网友闲极无聊自媒体)
[Android恶意程序利用虚拟机悄悄安装应用]⚠️ Android恶意程序HummingWhale利用奇虎手机助手团队开发的插件DroidPlugin实现虚拟机功能悄悄在用户设备上安装应用。HummingWhale的传播方法不是通过第三方应用商店,而是隐身于官方应用商店 Google Play,它的大约20款恶意应用被200万到1200万毫无防备的用户下载。这一事件显示,即使官方商店的应用也不能完全信任。
A virulent family of malware that infected more than 10 million Android devices last year has made a comeback, this time hiding inside Google Play apps that have been downloaded by as many as 12 million unsuspecting users.
HummingWhale, as the professionally developed malware has been dubbed, is a variant of HummingBad, the name given to a family of malicious apps researchers documented in July invading non-Google app markets. HummingBad attempted to override security protections by exploiting unpatched vulnerabilities that gave the malware root privileges in older versions of Android. Before Google shut it down, it installed more than 50,000 fraudulent apps each day, displayed 20 million malicious advertisements, and generated more than $300,000 per month in revenue. Of the 10 million people who downloaded HummingBad-contaminated apps, an estimated 286,000 of them were located in the US.
Google在接到安全研究人员的通知后已经将恶意应用移除。HummingWhale主要通过两种方法产生收入:展示广告和自动安装应用。它将应用安装在虚拟机里,创建假的ID获取应用推荐收入。安
装在虚拟机里的好处是安装时不需要用户批准权限,此外虚拟机还可以隐藏其恶意活动,让它还可以在被感染设备上安装无限的应用。HummingWhale还被观察到能自动生成好评掩盖差评。
http://arstechnica.com/security/2017/01/virulent-android-malware-returns-gets-2-million-downloads-on-google-play/
A virulent family of malware that infected more than 10 million Android devices last year has made a comeback, this time hiding inside Google Play apps that have been downloaded by as many as 12 million unsuspecting users.
HummingWhale, as the professionally developed malware has been dubbed, is a variant of HummingBad, the name given to a family of malicious apps researchers documented in July invading non-Google app markets. HummingBad attempted to override security protections by exploiting unpatched vulnerabilities that gave the malware root privileges in older versions of Android. Before Google shut it down, it installed more than 50,000 fraudulent apps each day, displayed 20 million malicious advertisements, and generated more than $300,000 per month in revenue. Of the 10 million people who downloaded HummingBad-contaminated apps, an estimated 286,000 of them were located in the US.
Google在接到安全研究人员的通知后已经将恶意应用移除。HummingWhale主要通过两种方法产生收入:展示广告和自动安装应用。它将应用安装在虚拟机里,创建假的ID获取应用推荐收入。安
装在虚拟机里的好处是安装时不需要用户批准权限,此外虚拟机还可以隐藏其恶意活动,让它还可以在被感染设备上安装无限的应用。HummingWhale还被观察到能自动生成好评掩盖差评。
http://arstechnica.com/security/2017/01/virulent-android-malware-returns-gets-2-million-downloads-on-google-play/
Ars Technica
Virulent Android malware returns, gets >2 million downloads on Google Play
HummingWhale is back with new tricks, including a way to gin user ratings.