This Android malware poses as real apps to take you to dangerous sites and flood your phone with spam


Yahoo, 24-07-2025
A new version of the Konfety malware that attacks the best Android phones now uses distorted APK files as well as other methods in order to avoid being detected and analyzed.
As reported by Bleeping Computer, this latest Konfety malware strain, which is neither spyware nor a remote access trojan, can pretend it is a legitimate app by copying both the branding and names of real apps from the Google Play Store.
Konfety mimics real products available on the Play Store, though it does not reproduce the same functionality of those apps. Likewise, it's distributed and promoted through third-party stores. This is a method that researchers have sometimes called a 'decoy twin' or 'evil twin' tactic, and is exactly why it is recommended to only download software from trusted publishers and to avoid installing APK files from third-party app stores.
Still, some users will resort to searching on these marketplaces for supposedly free versions of popular apps either because they don't have access to Google services as their Android device isn't supported or because they don't want to pay for legitimate software.
Here's everything you need to know about this new Android threat, including some tips and tricks to help keep your phone safe from hackers and malware-free.
Hiding in plain sight
Once Konfety has been installed on a victim's device, it uses a malformed ZIP structure to avoid analysis and detection, and will begin its malicious behavior. It can redirect users to dangerous websites, install unwanted apps and provide fake browser notifications. Additionally, it can produce ads using a CaramelAds SDK and exfiltrate device data like installed apps, network configuration and system information.
Thanks to the capabilities of this latest version, it can also hide its app icon and name, and then use geofencing to alter its behavior depending on the region the device is located in. It performs all of its hidden functions by way of an encrypted DEX file inside the APK, which is loaded and decrypted at runtime and contains hidden services declared in the AndroidManifest file, which allows for the delivery of more dangerous modules.
Konfety also manipulates the APK files to confuse and break static analysis and reverse engineering tools by signaling that the file is encrypted when it is not, which triggers a false password prompt when trying to inspect the file. This can block or delay access to the APK's contents.
Next, critical files within the APK are declared as using BZIP compression, which analysis tools do not support, and this results in a parsing failure. Android ignores the declared method and falls back to its default processing, which allows Konfety to install and run on the device without issue.
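The two header tricks described above can be checked for before an APK is handed to an analysis tool. The following is an added example, not code from the article or from the researchers it cites: it reads the ZIP central directory and reports entries that claim encryption or declare a compression method other than stored or deflate. The function names are hypothetical, the field layout is taken from the ZIP format specification rather than from this page, and the sample archive is constructed.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"                    # end of central directory record
CDH_SIG = b"PK\x01\x02"                     # central directory file header
CDH = struct.Struct("<4sHHHHHHIIIHHHHHII")  # 46-byte fixed part of that header
EXPECTED_METHODS = {0, 8}                   # stored and deflate


def scan_apk(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, finding) pairs for suspicious central directory fields."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    count, _size, offset = struct.unpack_from("<HII", data, eocd + 10)
    findings, pos = [], offset
    for _ in range(count):
        f = CDH.unpack_from(data, pos)
        if f[0] != CDH_SIG:
            raise ValueError(f"bad central directory header at offset {pos}")
        flags, method = f[3], f[4]
        name_len, extra_len, comment_len = f[10:13]
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        if flags & 0x0001:                  # bit 0: entry claims to be encrypted
            findings.append((name, "encrypted flag set"))
        if method not in EXPECTED_METHODS:  # e.g. 12 = BZIP2
            findings.append((name, f"unsupported compression method {method}"))
        pos += 46 + name_len + extra_len + comment_len
    return findings


def build_sample(tamper: bool) -> bytes:
    """Constructed test archive: two small entries, optionally with patched headers."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\x00")
    data = bytearray(buf.getvalue())
    if tamper:
        first, = struct.unpack_from("<I", data, data.rfind(EOCD_SIG) + 16)
        struct.pack_into("<H", data, first + 10, 12)  # declare BZIP2 on entry 1
        second = data.find(CDH_SIG, first + 46)       # header of entry 2
        data[second + 8] |= 0x01                      # set the encrypted bit
    return bytes(data)


if __name__ == "__main__":
    print(scan_apk(build_sample(True)))
```

Local file headers carry the same two fields, so a fuller check would also compare each local header against its central directory entry.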
How to stay safe from Android malware
First and foremost, to avoid falling victim to the Konfety malware and other Android malware strains, it's essential that you don't sideload apps on your devices.
While it may seem convenient, doing so puts you at serious risk from malware, adware, spyware and other threats. The reason is that sideloaded apps from third-party app stores or those downloaded as APK files don't go through the same rigorous security checks that they would on the Google Play Store or other first-party app stores like the Samsung Galaxy Store.
From there, you want to make sure that Google Play Protect is enabled on your Android phone. This pre-installed security app scans all of your existing apps and any new ones you download for malware. For extra protection though, you may also want to install and run one of the best Android antivirus apps alongside it.
Malicious apps are one of the easiest ways for hackers and other cybercriminals to establish a foothold on your devices, so they likely won't be going anywhere anytime soon. Instead, it's up to you to carefully vet each and every app you download and install. You also want to keep in mind that if an app sounds too good to be true, it probably is.
By sticking to official, first-party app stores and by limiting the number of apps you have installed on your phone overall, you should be able to safely avoid this new version of Konfety and other Android malware strains entirely.