HummingWhale is a new variant of the HummingBad malware found in more than 20 Android apps on Google Play Store. Malicious apps were already downloaded by over 12 million unsuspecting users before the Google Security team removed them from the Play Store before Google Security removed them. The new malware uses a disguised Android application package (APK) file that acts as a dropper which downloads and runs further apps on the victim’s smartphone. If the victim notices and closes its process, the APK file then drops itself into a virtual machine in an effort to make it harder to detect.
Source: https://thehackernews.com/2017/01/hummingbad-android-malware.html