A sophisticated Android dropper impersonating the Google Play Store was discovered, distributing an app called 'GPT Trade'. This malicious application, disguised as an AI trading assistant, actually deploys two dangerous payloads: BTMob spyware and UASecurity Miner. The dropper creates directories, unpacks components, and generates new APK files before silently installing the malware. BTMob grants extensive device access, enabling credential theft and surveillance. UASecurity Miner focuses on persistence and remote control. The attack chain involves social engineering, APK generation, third-party packer services, and multiple command and control endpoints, reflecting a growing trend in modular Android threats.