Cybersecurity researchers have detected a new wave of evolution in Android malware. The malware now camouflages itself even more effectively: it modifies the structure of APK files, applies unusual compression algorithms, and uses geolocation. As a result, most antivirus products do not detect the threat in time, and it reaches the device unnoticed.
One method of confusing experts is to change bit flags in the ZIP archive (an APK is a ZIP container): this causes errors during unpacking and prevents the use of standard analysis tools. After installation, the malware hides its icon among system programs, making itself virtually invisible to the user.
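A defensive triage sketch for the header tampering described above, added here as an example and not taken from the research this article reports: it reads the ZIP headers directly instead of trusting an unpacker, and reports a set encryption bit, a compression method other than stored or deflate, or disagreement between an entry's local and central headers. The three heuristics, the function names and both sample archives are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

EOCD_SIG, CDH_SIG, LFH_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"
EXPECTED_METHODS = {0, 8}  # stored, deflate; treating anything else as suspect is an assumption

def audit_zip_headers(data: bytes) -> list[str]:
    """Read ZIP/APK headers directly and report flag or method anomalies."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        return ["no end-of-central-directory record found"]
    # EOCD: total entry count at +10, central directory size at +12, offset at +16
    count, _size, pos = struct.unpack_from("<HII", data, eocd + 10)
    findings = []
    for _ in range(count):
        if data[pos:pos + 4] != CDH_SIG:
            findings.append(f"offset {pos}: central directory entry missing")
            break
        c_flags, c_method = struct.unpack_from("<HH", data, pos + 8)
        n_len, x_len, k_len = struct.unpack_from("<HHH", data, pos + 28)
        (lfh,) = struct.unpack_from("<I", data, pos + 42)
        name = data[pos + 46:pos + 46 + n_len].decode("utf-8", "replace")
        pos += 46 + n_len + x_len + k_len  # advance to the next central entry
        if data[lfh:lfh + 4] != LFH_SIG:
            findings.append(f"{name}: local header missing at offset {lfh}")
            continue
        l_flags, l_method = struct.unpack_from("<HH", data, lfh + 6)
        if (c_flags | l_flags) & 0x1:
            findings.append(f"{name}: encryption flag set")
        if {c_method, l_method} - EXPECTED_METHODS:
            findings.append(f"{name}: unexpected compression method")
        if (c_flags, c_method) != (l_flags, l_method):
            findings.append(f"{name}: local and central headers disagree")
    return findings

def constructed_samples() -> tuple[bytes, bytes]:
    """Build a clean archive and a header-altered copy (both constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>" * 20)
        zf.writestr("classes.dex", b"placeholder bytes " * 20)
    clean = buf.getvalue()
    altered = bytearray(clean)
    (cd,) = struct.unpack_from("<I", clean, clean.rfind(EOCD_SIG) + 16)
    struct.pack_into("<H", altered, cd + 8, 0x0001)  # central flags of first entry
    struct.pack_into("<H", altered, 8, 0x1234)       # method field of first local header
    return clean, bytes(altered)

if __name__ == "__main__":
    for label, blob in zip(("clean", "altered"), constructed_samples()):
        print(label, audit_zip_headers(blob))
```

An empty result means only that these three checks passed; it says nothing about what the application does once installed.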
Geofencing adds a further complication: the malware automatically blocks its own activation in certain regions to avoid detection during technical analysis. In this way, attackers minimize the risk of detection during testing in security labs.
Another dangerous feature is the transmission of instructions through advertising networks. The malware redirects the user to dubious sites, where they are encouraged to install additional programs that are often malicious themselves or spy on the victim.
Security experts emphasize that attackers have become much more cautious and technically prepared. To reduce risks, you should install applications only from official sources (for example, Google Play), regularly update your antivirus, and carefully check what permissions you grant to applications.