
Konfety Returns: Classic Mobile Threat with New Evasion Techniques

Published 16/07/2025 08:00 · Modified 16/07/2025 08:17


Essential information

Published
16/07/2025 08:00
Modified
16/07/2025 08:17
Tags
2025-07-16, ad fraud, infrastructure, android, caramelads sdk, konfety
Related entities
26 observables, 7 techniques (mitre), 1 malware

Description

A new variant of the Konfety malware has been identified that employs advanced evasion techniques. It uses dual-app deception (a malicious twin of a legitimate store app), ZIP-level evasion, dynamic code loading, and stealth techniques to conduct ad fraud and redirect users to malicious websites. It tampers with the APK's ZIP structure so that security scanners and analysis tools fail to parse the archive cleanly, which both bypasses automated checks and complicates reverse engineering. Critical functionality is concealed in encrypted assets that are decrypted and loaded at runtime. The app mimics legitimate apps, hides its launcher icon, and uses geofencing to adjust its behaviour by region. The threat actors behind Konfety are highly adaptable, consistently updating their methods to evade detection and to target different ad networks.
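The "ZIP-level evasion" above is the part a triage pipeline can check for mechanically. The following Python is an added example, not code from the report or from any vendor tool: it walks an APK's central directory and local file headers by hand and flags the kind of inconsistencies that such tampering produces, then shows which entries Python's own zipfile module refuses to read. The two concrete tricks it models (a general-purpose "encrypted" flag set on an entry that is not actually encrypted, and a compression method that stock toolchains do not emit, declared in the local header but not in the central directory) are assumed for the example; the sample archive is constructed in memory with APK-like entry names rather than taken from a real Konfety sample.

```python
import io
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"
CENTRAL_SIG = b"PK\x01\x02"
EOCD_SIG = b"PK\x05\x06"

# Compression methods a stock APK toolchain produces: 0 = stored, 8 = deflate.
EXPECTED_METHODS = {0, 8}
FLAG_ENCRYPTED = 0x0001  # general purpose bit 0


def parse_central_directory(data: bytes):
    """Walk the central directory by hand and return one dict per entry."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    # EOCD: sig, disk, cd disk, entries on disk, total entries, cd size, cd offset, comment len
    _, _, _, _, total, _, cd_offset, _ = struct.unpack("<4sHHHHIIH", data[eocd:eocd + 22])
    entries, pos = [], cd_offset
    for _ in range(total):
        if data[pos:pos + 4] != CENTRAL_SIG:
            raise ValueError(f"bad central directory signature at offset {pos}")
        # 46-byte central header: sig, made, need, flags, method, time, date, crc,
        # csize, usize, name len, extra len, comment len, disk, int attr, ext attr, local offset
        f = struct.unpack("<4sHHHHHHIIIHHHHHII", data[pos:pos + 46])
        name = data[pos + 46:pos + 46 + f[10]].decode("utf-8", "replace")
        entries.append({"name": name, "flags": f[3], "method": f[4],
                        "cd_offset": pos, "local_offset": f[16]})
        pos += 46 + f[10] + f[11] + f[12]
    return entries


def audit_apk_zip(data: bytes):
    """Flag header anomalies that break or mislead parsers. Returns (name, finding) tuples."""
    findings = []
    for e in parse_central_directory(data):
        off = e["local_offset"]
        if data[off:off + 4] != LOCAL_SIG:
            findings.append((e["name"], "central directory points at a non-local-header offset"))
            continue
        # 30-byte local header: sig, need, flags, method, time, date, crc, csize, usize, name len, extra len
        lh = struct.unpack("<4sHHHHHIIIHH", data[off:off + 30])
        views = (("central", e["flags"], e["method"]), ("local", lh[2], lh[3]))
        for where, flags, method in views:
            if flags & FLAG_ENCRYPTED:
                findings.append((e["name"], f"{where} header: encryption bit set"))
            if method not in EXPECTED_METHODS:
                findings.append((e["name"], f"{where} header: unexpected compression method {method}"))
        # Tools that trust one header but not the other will disagree about this entry.
        if (lh[2], lh[3]) != (e["flags"], e["method"]):
            findings.append((e["name"], "local header disagrees with central directory"))
    return findings


def stock_parser_failures(data: bytes):
    """Which entries does Python's own zipfile refuse to read? Maps name -> exception type."""
    failures = {}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        return {"<archive>": type(exc).__name__}
    with zf:
        for info in zf.infolist():
            try:
                zf.read(info)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile) as exc:
                failures[info.filename] = type(exc).__name__
    return failures


def build_sample_apk() -> bytes:
    """Constructed stand-in for an APK: a well-formed deflate ZIP with APK-like entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>" * 8)
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 64)
        z.writestr("assets/payload.bin", b"\x17" * 128)
    return buf.getvalue()


def patch_entry(data: bytes, name: str, flags=None, method=None, local_only=False) -> bytes:
    """Rewrite the flags/method fields of one entry (local header, plus the central one unless local_only)."""
    buf = bytearray(data)
    for e in parse_central_directory(data):
        if e["name"] != name:
            continue
        targets = [(e["local_offset"] + 6, e["local_offset"] + 8)]    # local: flags @+6, method @+8
        if not local_only:
            targets.append((e["cd_offset"] + 8, e["cd_offset"] + 10))  # central: flags @+8, method @+10
        for flag_off, method_off in targets:
            if flags is not None:
                struct.pack_into("<H", buf, flag_off, flags)
            if method is not None:
                struct.pack_into("<H", buf, method_off, method)
    return bytes(buf)


def build_tampered_apk() -> bytes:
    """Assumed tricks for the example: bogus encryption flag, and method 12 (bzip2) in one local header only."""
    data = patch_entry(build_sample_apk(), "classes.dex", flags=FLAG_ENCRYPTED)
    return patch_entry(data, "assets/payload.bin", method=12, local_only=True)


if __name__ == "__main__":
    for label, blob in (("clean", build_sample_apk()), ("tampered", build_tampered_apk())):
        print(label, "audit:", audit_apk_zip(blob))
        print(label, "zipfile failures:", stock_parser_failures(blob))
```

The point of running both checks is that they disagree in a useful way: the bogus encryption flag makes zipfile stop with a "password required" error, while the mismatched compression method is silently accepted because zipfile trusts the central directory and never compares it against the local header. A scanner that only asks "does my ZIP library open this?" will therefore see only half of the tampering; auditing both headers, as above, catches both.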

External references