Cybersecurity researchers have identified a new variant of the Android malware Konfety that uses sophisticated evasion techniques, including app decoys and malicious APK tampering, to carry out ad fraud. The threat actor behind Konfety continually evolves its tactics to evade detection, making it a significant concern for Android security. #Konfety #Ducex
Key points
- The new Konfety variant leverages the "evil twin" technique: decoy apps that share a package name with legitimate apps.
- The malicious APKs are deliberately malformed, which helps the threat actors bypass detection and hinders reverse-engineering efforts.
- The malware uses dynamic code loading, encrypted assets, and deceptive manifest declarations to evade analysis.
- Konfety abuses the CaramelAds SDK to deliver payloads, redirect users, and trigger spam notifications while hiding its icon.
- New techniques like TapTrap allow covert bypass of Android permissions, enabling malicious UI actions without user awareness.
Read More: https://thehackernews.com/2025/07/new-konfety-malware-variant-evades.html