Latest news with #Konfety
Yahoo
6 days ago
- Yahoo
This Android malware poses as real apps to take you to dangerous sites and flood your phone with spam
A new version of the Konfety malware that targets Android phones now uses malformed APK files, among other techniques, to avoid being detected and analyzed. As reported by Bleeping Computer, this latest Konfety strain, which is neither spyware nor a remote access trojan, poses as a legitimate app by copying both the branding and the names of real apps from the Google Play Store. Konfety mimics real products available on the Play Store but does not reproduce their functionality, and it is distributed and promoted through third-party stores rather than Google Play. Researchers have sometimes called this a 'decoy twin' or 'evil twin' tactic, and it is exactly why it is recommended to download software only from trusted publishers and to avoid installing APK files from third-party app stores. Still, some users turn to these marketplaces for supposedly free versions of popular apps, either because their Android device isn't supported by Google services or because they don't want to pay for legitimate software. Here's everything you need to know about this new Android threat, including some tips to help keep your phone safe from hackers and free of malware.

Hiding in plain sight

The Konfety APK itself carries a malformed ZIP structure that frustrates analysis and detection; once installed on a victim's device, the malware begins its malicious behavior. It can redirect users to dangerous websites, install unwanted apps and push fake browser notifications. It also serves ads through the CaramelAds SDK and exfiltrates device data such as the list of installed apps, network configuration and system information. This latest version can additionally hide its app icon and name, and uses geofencing to alter its behavior depending on the region the device is located in.
Its hidden functionality lives in an encrypted secondary DEX file inside the APK that is decrypted and loaded at runtime. That DEX implements services which are declared in the AndroidManifest file but hidden from the visible code, and which allow further malicious modules to be delivered. Konfety also manipulates the APK's ZIP headers to confuse and break static analysis and reverse-engineering tools: the headers signal that entries are encrypted when they are not, which triggers a false password prompt in tools that try to inspect the file and can block or delay access to the APK's contents. In addition, critical files within the APK are declared with BZIP compression, a method that analysis tools do not support, so they fail to parse the archive. Android's own parser ignores the declared method and falls back to its default handling, which is why Konfety still installs and runs on the device without issue.

How to stay safe from Android malware

First and foremost, to avoid falling victim to Konfety and other Android malware strains, don't sideload apps on your devices. While it may seem convenient, doing so puts you at serious risk from malware, adware, spyware and other threats, because apps from third-party app stores or downloaded as APK files don't go through the same security checks they would on the Google Play Store or other first-party app stores like the Samsung Galaxy Store. Next, make sure that Google Play Protect is enabled on your Android phone; this pre-installed security feature scans your existing apps and any new ones you download for malware. For extra protection, you may also want to install and run one of the best Android antivirus apps alongside it. Malicious apps are one of the easiest ways for hackers and other cybercriminals to establish a foothold on your devices, so they likely won't be going anywhere anytime soon. Instead, it's up to you to carefully vet each and every app you download and install.
You also want to keep in mind that if an app sounds too good to be true, it probably is. By sticking to official, first-party app stores and limiting the number of apps you have installed on your phone overall, you should be able to avoid this new version of Konfety and other Android malware strains entirely.
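The ZIP-header tricks described above (an entry flagged as encrypted although it is not, and a declared compression method of 12, BZIP2, that Android's parser ignores) can be spotted by walking the archive's central directory by hand rather than trusting a stock ZIP library. The Python below is an added example written for this page; it is not Konfety's code and not tooling from Zimperium, Bleeping Computer or Tom's Guide. It builds a small, constructed APK-like archive in memory (the entry names and contents are made up, not taken from a real sample), patches its headers the way the article describes, shows that Python's zipfile then refuses the entries much as apktool and JADX do, and recovers the real contents by ignoring the declared method and checking the result against the entry's CRC. The deflate-then-stored fall-back in recover_entry is this example's own approximation of the lenient handling the article attributes to Android, not Android's actual code.

```python
import io
import struct
import zipfile
import zlib

# Constructed example for this page: not Konfety's code and not a real sample.
EOCD_SIG = b"PK\x05\x06"   # end-of-central-directory record
CDFH_SIG = b"PK\x01\x02"   # central directory file header
LFH_SIG = b"PK\x03\x04"    # local file header
FLAG_ENCRYPTED = 0x0001    # general purpose bit 0: "entry is encrypted"
METHOD_BZIP2 = 12          # the method the tampered headers declare
STANDARD_METHODS = {0, 8}  # stored, deflate: the only methods a built APK uses

def build_sample_apk() -> bytes:
    """Constructed stand-in for an APK: three deflated entries, nothing malicious."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest package='com.example.twin'/>" * 8)
        zf.writestr("classes.dex", b"dex\n035\x00" + bytes(range(256)) * 2)
        zf.writestr("res/values/strings.xml", b"<resources/>" * 8)
    return buf.getvalue()

def iter_central_directory(data: bytes):
    """Walk the central directory by hand (no zipfile) and yield one dict per entry."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    count, _cd_size, pos = struct.unpack_from("<HII", data, eocd + 10)
    for _ in range(count):
        if data[pos:pos + 4] != CDFH_SIG:
            raise ValueError(f"bad central-directory signature at {pos:#x}")
        (flags, method, crc, csize, _usize, nlen, xlen, clen,
         lh_offset) = struct.unpack_from("<HH4xIIIHHH8xI", data, pos + 8)
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace")
        yield {"name": name, "flags": flags, "method": method, "crc": crc,
               "csize": csize, "cd_offset": pos, "lh_offset": lh_offset}
        pos += 46 + nlen + xlen + clen

def entry_payload(data: bytes, entry: dict) -> bytes:
    """Raw (still compressed) bytes of an entry, located through its local header."""
    lho = entry["lh_offset"]
    if data[lho:lho + 4] != LFH_SIG:
        raise ValueError(f"{entry['name']}: offset does not point at a local header")
    nlen, xlen = struct.unpack_from("<HH", data, lho + 26)
    start = lho + 30 + nlen + xlen
    return data[start:start + entry["csize"]]

def tamper_headers(apk: bytes, names: set) -> bytes:
    """Apply the article's tricks to the named entries: set the encryption bit and
    declare BZIP2 in both headers, leaving the deflated bytes themselves untouched."""
    out = bytearray(apk)
    for e in iter_central_directory(apk):
        if e["name"] in names:
            lie = (e["flags"] | FLAG_ENCRYPTED, METHOD_BZIP2)
            struct.pack_into("<HH", out, e["cd_offset"] + 8, *lie)  # CDFH: flags, method
            struct.pack_into("<HH", out, e["lh_offset"] + 6, *lie)  # LFH: flags, method
    return bytes(out)

def header_anomalies(apk: bytes) -> dict:
    """Map entry name -> header lies that no legitimately built APK exhibits."""
    findings = {}
    for e in iter_central_directory(apk):
        problems = []
        if e["flags"] & FLAG_ENCRYPTED:
            problems.append("encryption bit set (APKs never use ZIP encryption)")
        if e["method"] not in STANDARD_METHODS:
            problems.append(f"compression method {e['method']} declared (only 0 or 8 are valid)")
        if problems:
            findings[e["name"]] = problems
    return findings

def standard_read_fails(apk: bytes, name: str) -> bool:
    """True if zipfile balks (password demanded or unsupported method), the same
    failure mode the article reports for reverse-engineering tools."""
    try:
        zipfile.ZipFile(io.BytesIO(apk)).read(name)
    except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
        return True
    return False

def recover_entry(apk: bytes, name: str) -> bytes:
    """Ignore the declared method (this example's approximation of the fall-back the
    article attributes to Android): try raw deflate, else treat as stored, then check CRC."""
    entry = next(e for e in iter_central_directory(apk) if e["name"] == name)
    raw = entry_payload(apk, entry)
    try:
        plain = zlib.decompress(raw, -15)  # -15: raw deflate stream, no zlib header
    except zlib.error:
        plain = raw
    if zlib.crc32(plain) != entry["crc"]:
        raise ValueError(f"{name}: recovered bytes do not match the declared CRC")
    return plain

if __name__ == "__main__":
    clean = build_sample_apk()
    evil = tamper_headers(clean, {"AndroidManifest.xml", "classes.dex"})
    for entry_name, problems in header_anomalies(evil).items():
        print(f"{entry_name}: " + "; ".join(problems))
    print("zipfile can read tampered manifest:", not standard_read_fails(evil, "AndroidManifest.xml"))
    print("recovered manifest:", recover_entry(evil, "AndroidManifest.xml")[:38])
```

The same header walk works on a real APK read from disk: pass the file's bytes to header_anomalies() and treat any set encryption bit, or any compression method other than 0 (stored) or 8 (deflate), as a strong triage signal, since legitimately built APKs only ever use those two and never ZIP-level encryption. Checking the local header against the central directory, as entry_payload() starts to do, catches the related trick of making the two disagree.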


Forbes
16-07-2025
- Forbes
Are These Dangerous Apps Already Hacking Your Smartphone?
There's a dangerous game of hide and seek taking place on your phone. The tradecraft behind the malicious app industry is fast becoming as much about hiding as attacking: if you can't be seen, you can't be deleted, and more damage will be done. That's the crux of the new warning from Zimperium, whose zLabs team followed up on Human's report into Konfety evil twin attacks that I covered a year ago. 'At its peak,' Human said, 'Konfety-related programmatic bids reached 10 billion requests per day.' 'Bids per day' because this is an adware (advertising fraud) attack. The ruse is simple. The bad actors create two versions of an app with the same name. One is benign and is uploaded to Google's Play Store, with some basic, barely useful features. The second, 'evil twin' version is dangerous and is distributed via other channels. The evil twin overloads its host phone with unwanted ads, often taking up the entire screen and making it difficult to actually operate the phone. This generates revenue for the bad actors by tricking legitimate advertisers into paying for fraudulently delivered ads. Now, 'as part of our ongoing mission to identify emerging threats to mobile security,' Zimperium says it has been 'actively tracking a new, sophisticated variant' of the threat. The zLabs team says the threat actors behind Konfety 'consistently alter their targeted ad networks and update their methods to evade detection.' In the latest variants of the malware, this includes 'specifically tampering with the APK's ZIP structure… to bypass security checks and significantly complicate reverse engineering efforts, making detection and analysis more challenging for security professionals.' The scale of this adware industry is out of control.
Not all attacks operate at this scale, but they are mostly (though not always) driven by apps sideloaded from outside the official app stores. That's the easiest way to stay safe: stop sideloading. It is also why Google's new Advanced Protection mode in Android 16 restricts sideloading, with no option to disable or work around that protection. Apps installed this way carry significantly more risk to users, phones and data. 'Konfety's operations depict the latest in a series of adaptations from ad fraudsters to cloak their activities using novel tactics that enable them to evade detection,' Human said last year. The new report from Zimperium shows nothing at all has changed.


Tom's Guide
15-07-2025
- Tom's Guide
This Android malware poses as real apps to take you to dangerous sites and flood your phone with spam