Konfety Android Malware Exploits ZIP Tricks to Masquerade as Legit Apps on Google Play


Activity Timeline

BleepingComputer, Jul 15, 13:10: Android malware Konfety uses malformed APKs to eva...
Cybersecurity News, Jul 15, 14:59: Konfety Android Malware on Google Play Uses ZIP Ma...
GB Hackers (Primary Article), Jul 16, 10:28: Konfety Android Malware Exploits ZIP Tricks to Mas...
Security researchers from zLabs have discovered a more advanced version of the Konfety Android malware, which uses complex ZIP-level changes to avoid detection and mimic genuine apps on the Google Play Store, marking a dramatic increase in mobile threats. This malware employs an “evil-twin” strategy, in which malicious versions distributed through third-party sources share identical package names with benign apps available on official stores, thereby enhancing its stealth and deceptive capabilities.

Advanced Evasion Tactics

By tampering with the APK’s ZIP structure, such as enabling the general purpose flag (bit 00) to falsely indicate encryption and declaring an unsupported BZIP compression method (0x000C) for critical files like AndroidManifest.xml, Konfety disrupts common reverse engineering tools. These alterations cause utilities like APKTool and JADX to either prompt for non-existent passwords or crash out...
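A defender-side check for the two header anomalies described above, as an added example that is not from the original article or from zLabs: it walks the ZIP central directory and reports entries with the encryption bit set or a compression method other than stored/deflate. The function names, the allowed-method set and the in-memory sample archive are constructed assumptions, and only central directory records are inspected, not local file headers.

```python
import io
import struct
import zipfile

CDH = struct.Struct("<4s6H3L5H2L")  # central directory file header (46 bytes)
EOCD = struct.Struct("<4s4H2LH")    # end of central directory record (22 bytes)
EXPECTED_METHODS = {0, 8}           # assumption: only stored/deflate belong in an APK


def scan_apk(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, finding) pairs for anomalous central directory records."""
    pos = data.rfind(b"PK\x05\x06")
    if pos < 0 or pos + EOCD.size > len(data):
        raise ValueError("end of central directory record not found")
    eocd = EOCD.unpack_from(data, pos)
    total, offset = eocd[4], eocd[6]  # entry count, central directory offset
    findings = []
    for _ in range(total):
        if offset + CDH.size > len(data):
            raise ValueError("truncated central directory")
        rec = CDH.unpack_from(data, offset)
        if rec[0] != b"PK\x01\x02":
            raise ValueError("bad central directory signature")
        flags, method = rec[3], rec[4]
        name_len, extra_len, comment_len = rec[10], rec[11], rec[12]
        start = offset + CDH.size
        name = data[start:start + name_len].decode("utf-8", "replace")
        if flags & 0x0001:  # general purpose bit 0 claims the entry is encrypted
            findings.append((name, "encryption flag (bit 0) set"))
        if method not in EXPECTED_METHODS:
            findings.append((name, f"unexpected compression method 0x{method:04X}"))
        offset = start + name_len + extra_len + comment_len
    return findings


def build_sample(anomalous: bool) -> bytes:
    """Constructed fixture: a two-entry archive, optionally with the manifest
    record's flag and method fields set to the values the article reports."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\x00")
    raw = bytearray(buf.getvalue())
    if anomalous:
        first = raw.find(b"PK\x01\x02")  # first record is the manifest
        struct.pack_into("<HH", raw, first + 8, 0x0001, 0x000C)
    return bytes(raw)


if __name__ == "__main__":
    for name, finding in scan_apk(build_sample(True)):
        print(f"{name}: {finding}")
```

Because the scan reads header fields directly and never decompresses or decrypts entry data, it still produces a result on archives of this kind.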
