Android malware Konfety uses malformed APKs to evade detection

A new variant of Konfety Android malware uses obfuscation techniques like malformed ZIP files and encrypted DEX files to evade detection and analysis. It impersonates legitimate apps to push malicious redirects, ads, and potentially more dangerous modules, targeting users through third-party app stores. #Konfety #AndroidMalware #ThirdPartyStores

Key points

  • Konfety malware disguises itself as legitimate apps available on Google Play and third-party stores.
  • The malware uses obfuscation techniques like malformed ZIP structures and encrypted DEX files to evade analysis.
  • It performs malicious activities such as redirecting to harmful sites, pushing unwanted ads, and exfiltrating device information.
  • Dynamic code loading and APK manipulation hinder static analysis and reverse engineering efforts.
  • The malware employs geofencing and icon hiding to evade detection and adapt behavior based on region.
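The key points describe APKs whose ZIP structure has been bent so that analysis tools choke while the device still installs them. As an added example (not code from the BleepingComputer article or from any Konfety sample), here is a defender-side Python check that compares each entry's central-directory record against its local file header and flags inconsistencies; the specific checks (encryption flag, non-standard compression method, header mismatch) are assumptions, since the page does not enumerate which malformations Konfety uses.

```python
import io
import struct
import zipfile

# Generic ZIP-level sanity checks for an APK. The page says Konfety uses malformed
# ZIP structures but does not list the exact tricks, so these checks are assumptions.
ALLOWED_METHODS = {zipfile.ZIP_STORED, zipfile.ZIP_DEFLATED}  # what Android expects
ENCRYPTED_FLAG = 0x1       # general-purpose bit 0: entry claims to be encrypted
LOCAL_SIG = b"PK\x03\x04"  # local file header signature


def inspect_apk(data: bytes) -> list[str]:
    """Return findings about structural oddities in the archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        if not any(n.startswith("classes") and n.endswith(".dex") for n in zf.namelist()):
            findings.append("no classes*.dex entry listed in the central directory")
        for info in zf.infolist():
            if info.flag_bits & ENCRYPTED_FLAG:
                findings.append(f"{info.filename}: central directory marks entry encrypted")
            if info.compress_type not in ALLOWED_METHODS:
                findings.append(f"{info.filename}: unsupported compression method {info.compress_type}")
            off = info.header_offset  # cross-check against the local file header
            if data[off:off + 4] != LOCAL_SIG:
                findings.append(f"{info.filename}: no local header at offset {off}")
                continue
            local_flags, local_method = struct.unpack_from("<HH", data, off + 6)
            if (local_flags ^ info.flag_bits) & ENCRYPTED_FLAG:
                findings.append(f"{info.filename}: encryption flag differs between local header and central directory")
            if local_method != info.compress_type:
                findings.append(f"{info.filename}: compression method differs between local header and central directory")
    return findings


def build_sample(tamper: bool) -> bytes:
    """Constructed sample (not a real Konfety APK): a minimal archive, optionally tampered."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:  # ZIP_STORED by default
        zf.writestr("classes.dex", b"dex\n035\0" + b"\0" * 8)
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
    data = bytearray(buf.getvalue())
    if tamper:
        # Patch only the first central-directory record (classes.dex): set the encryption
        # flag and an unsupported method (99) while the local header still says
        # "stored, not encrypted", so the two views of the entry disagree.
        cd = data.index(b"PK\x01\x02")
        struct.pack_into("<HH", data, cd + 8, ENCRYPTED_FLAG, 99)
    return bytes(data)
```

Run `inspect_apk(build_sample(True))` to see the four findings for the tampered entry; a clean archive returns an empty list.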

Read More: https://www.bleepingcomputer.com/news/security/android-malware-konfety-uses-malformed-apks-to-evade-detection/