Malware, Threat Intelligence

Updated Konfety Android malware adds more stealth

New high-severity Ivanti bug revealed, second in a week

Additional obfuscation techniques have been integrated into the new iteration of the Android app-spoofing Konfety malware, which facilitates unauthorized app downloads, malicious site visits, and bogus browser notifications, reports BleepingComputer.

Aside from copying legitimate Google Play apps' names and branding to become "decoy twins" distributed in other app stores, Konfety also harnesses dynamic code loading involving nefarious logic concealment within an encrypted DEX file, as well as alters APK files to prompt parsing failures or fake password prompts due to lack of analysis tool support and false encryption signals, respectively, according to a Zimperium analysis. Installation of the malware then facilitates the shrouding of app icons and names and the subsequent use of geofencing to allow user location-based behaviors, said Zimperium researchers. Such findings follow a Kaspersky report detailing fellow Android malware SoumniBot's exploitation of compression-based obfuscation to facilitate compromise.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds