This Android malware poses as real apps to take you to dangerous sites and flood your phone with spam

Tom's Guide, 8 hours ago
A new version of the Konfety malware that attacks the best Android phones now uses distorted APK files as well as other methods in order to avoid being detected and analyzed.
As reported by Bleeping Computer, this latest Konfety malware strain, which is neither spyware nor a remote access trojan, can pretend it is a legitimate app by copying both the branding and names of real apps from the Google Play Store.
Konfety mimics real products available on the Play Store, though it does not reproduce the same functionality of those apps. Likewise, it's distributed and promoted through third-party stores. This is a method that researchers have sometimes called a 'decoy twin' or 'evil twin' tactic, and is exactly why it is recommended to only download software from trusted publishers and to avoid installing APK files from third-party app stores.
Still, some users will resort to searching on these marketplaces for supposedly free versions of popular apps either because they don't have access to Google services as their Android device isn't supported or because they don't want to pay for legitimate software.
Here's everything you need to know about this new Android threat, including some tips and tricks to help keep your phone malware-free and safe from hackers.
Once Konfety has been installed on a victim's device, it uses a malformed ZIP structure to avoid analysis and detection, and will begin its malicious behavior. It can redirect users to dangerous websites, install unwanted apps and provide fake browser notifications. Additionally, it can produce ads using a CaramelAds SDK and exfiltrate device data like installed apps, network configuration and system information.
Thanks to the capabilities of this latest version, it can also hide its app icon and name, and then use geofencing to alter its behavior depending on the region the device is located in. Its hidden functionality comes from an encrypted DEX file inside the APK, which is decrypted and loaded at runtime and contains hidden services declared in the AndroidManifest file, allowing for the delivery of more dangerous modules.
Konfety also manipulates the APK files to confuse and break static analysis and reverse engineering tools by signaling that the file is encrypted when it is not, which triggers a false password prompt when trying to inspect the file. This can block or delay access to the APK's contents.
Next, critical files within the APK are declared as using BZIP compression, which analysis tools do not support, and this results in a parsing failure. Android ignores the declared method and falls back to its default processing, which allows Konfety to install and run on the device without issue.
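A triage check for the two header tricks described above, as an added example that is not from the original article or from the researchers' tooling. It reads only the ZIP central directory (the article does not say which header the malware alters, so that scope is an assumption), and the sample archive is constructed in memory; the function names are hypothetical.

```python
import io
import struct
import zipfile

EOCD_SIG, CDH_SIG = b"PK\x05\x06", b"PK\x01\x02"
APK_METHODS = {0: "stored", 8: "deflate"}   # methods a normal APK entry uses
ENCRYPTED_BIT = 0x0001                      # general-purpose flag, bit 0


def central_entries(data):
    """Yield (name, flags, method, record_offset) per central-directory record."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    # EOCD +10: total entries (2), directory size (4), directory offset (4)
    count, _size, pos = struct.unpack_from("<HII", data, eocd + 10)
    for _ in range(count):
        if data[pos:pos + 4] != CDH_SIG:
            raise ValueError("corrupt central directory")
        flags, method = struct.unpack_from("<HH", data, pos + 8)
        n, m, k = struct.unpack_from("<HHH", data, pos + 28)
        name = data[pos + 46:pos + 46 + n].decode("utf-8", "replace")
        yield name, flags, method, pos
        pos += 46 + n + m + k   # fixed part + name + extra + comment


def audit_apk(data):
    """Return (entry, issue) findings without decompressing anything."""
    findings = []
    for name, flags, method, _ in central_entries(data):
        if flags & ENCRYPTED_BIT:
            findings.append((name, "encryption flag set"))
        if method not in APK_METHODS:
            findings.append((name, f"unexpected compression method {method}"))
    return findings


def constructed_sample():
    """Benign in-memory ZIP with header fields rewritten (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\x00")
    data = bytearray(buf.getvalue())
    for name, flags, _method, pos in list(central_entries(bytes(data))):
        if name == "AndroidManifest.xml":
            struct.pack_into("<H", data, pos + 8, flags | ENCRYPTED_BIT)
        else:
            struct.pack_into("<H", data, pos + 10, 12)  # 12 = BZIP2 in the ZIP spec
    return bytes(data)


if __name__ == "__main__":
    for name, issue in audit_apk(constructed_sample()):
        print(f"{name}: {issue}")
```

Because the check never tries to decompress or decrypt an entry, it still produces a result on archives that make a general-purpose unzip tool stop at a password prompt or an unsupported-method error.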
First and foremost, to avoid falling victim to the Konfety malware and other Android malware strains, it's essential that you don't sideload apps on your devices.
While it may seem convenient, doing so puts you at serious risk from malware, adware, spyware and other threats. The reason is that sideloaded apps from third-party app stores or those downloaded as APK files don't go through the same rigorous security checks that they would on the Google Play Store or other first-party app stores like the Samsung Galaxy Store.
From there, you want to make sure that Google Play Protect is enabled on your Android phone. This pre-installed security app scans all of your existing apps and any new ones you download for malware. For extra protection though, you may also want to install and run one of the best Android antivirus apps alongside it.
Malicious apps are one of the easiest ways for hackers and other cybercriminals to establish a foothold on your devices, so they likely won't be going anywhere anytime soon. Instead, it's up to you to carefully vet each and every app you download and install. You also want to keep in mind that if an app sounds too good to be true, it probably is.
By sticking to official, first-party app stores and by limiting the number of apps you have installed on your phone overall, you should be able to safely avoid this new version of Konfety and other Android malware strains entirely.