Security company CheckPoint has reported new malware that has been quietly established on some Android devices through some 20 photographic applications available in the Play Store and which together have been downloaded more than one million times. The new malicious software is known as Hummingwhale and is a variant of Hummingbad that already last year infected more than 10 million mobile devices with Google's operating system. The new version, however, seems more evolved than the previous one.
The applications in question were designed exclusively as vehicles to install the virus, and an app by itself, once installed and activated, creates in the phone memory a virtual machine within which it registers itself in other fraudulent applications. This trick last year had allowed the creators of Hummingbad to earn up to a maximum of $ 300,000 in a single month for fraudulent advertising campaigns, and was present once again in the Google Play Store. This malicious program is mainly hidden in applications related to photographic functions published by nonexistent Chinese developer names and can be recognized by the presence of a "suspiciously large" encrypted file, as they write in CheckPoint.
The unusual method of action has ensured that Hummingwhale has several advantages: first, its danger has gone unnoticed in the algorithms of Google that control all applications that appear in the Play Store and can be downloaded by the user. In addition, the malware has also been able to act without the corresponding permissions of the owner of the smartphone or tablet. Finally, since the application is installed in a protected space, it does not appear on the main screen or in the application drawer of the device. There is no choice but to format or install a very powerful antivirus and especially updated for that kind of malware.