Related Links

Zimperium, the global pioneer in mobile security, announces the discovery of a new, highly evasive variant of the Konfety malware targetting Android devices.

Identified by Zimperium’s zLabs team, this latest version leverages advanced obfuscation and ZIP-level evasion techniques, making it significantly more difficult to detect and analyse than previous iterations.

Konfety malware campaign

The Konfety malware campaign uses a deceptive dual-app strategy—leveraging the same package name for both a benign Play Store app and a malicious version distributed via third-party sources—to trick users and bypass traditional detection methods.

It further evades analysis by tampering with the APK’s structure, including declaring unsupported compression formats and manipulating ZIP headers to confuse security tools.

This isn’t just a recycled threat—it’s a deeply engineered update designed to outsmart analysts and evade automated tools,” said Nico Chiaraviglio, Chief Scientist at Zimperium. “The threat actors are actively modifying their tactics to stay ahead, and Konfety is a prime example of how mobile malware is evolving.”

Alarming tactics

Among the most alarming tactics:

  • Dynamic code loading: Malicious code is decrypted and executed only at runtime, hidden from traditional scans.
  • Fake app behaviour: The malware suppresses its icon, mimics legitimate app metadata, and redirects users through ad fraud infrastructure.
  • ZIP-level obfuscation: Techniques cause common analysis tools to crash or misinterpret the APK as password-protected or malformed.

Zimperium's analysis

Zimperium's analysis confirmed Konfety leverages the CaramelAds SDK to silently deliver payloads, push persistent spam-like browser notifications, and facilitate fraud.

The campaign uses region-specific behaviors, geofencing European users away from suspicious sites while targetting others more aggressively.

Konfety manipulates Android’s APK ZIP structure in a way that causes popular reverse engineering tools to crash entirely, demonstrating a new level of sophistication in mobile malware evasion.

Stay ahead of the trends on securing physical access control systems through layered cybersecurity practices.

Related videos

Insta DomainLink Secret™

Insta DomainLink Secret™
Wan 2.2-S2V demo video: Female singer

Wan 2.2-S2V demo video: Female singer
Dahua MultiVision Online Event - Look Wider, Protect Deeper

Dahua MultiVision Online Event - Look Wider, Protect Deeper

In case you missed it

What are emerging applications for physical security in transportation?
What are emerging applications for physical security in transportation?

Transportation systems need robust physical security to protect human life, to ensure economic stability, and to maintain national security. Because transportation involves moving...

Gallagher & Fortified enhance perimeter security solutions
Gallagher & Fortified enhance perimeter security solutions

Global security manufacturer - Gallagher Security is proud to announce a strategic partnership with Fortified Security, a pioneering perimeter systems integrator with over 30 years...

Genetec: Data sovereignty in physical security
Genetec: Data sovereignty in physical security

Genetec Inc., the global pioneer in enterprise physical security software, highlights why data sovereignty has become a central concern for physical security leaders as more survei...

Featured white papers
One system, one card

One system, one card

Download
Aligning physical and cyber defence for total protection

Aligning physical and cyber defence for total protection

Download
Understanding AI-powered video analytics

Understanding AI-powered video analytics

Download
Enhancing physical access control using a self-service model

Enhancing physical access control using a self-service model

Download
How to implement a physical security strategy with privacy in mind

How to implement a physical security strategy with privacy in mind

Download
More corporate news
Mayflex website launch: Infrastructure & security

Mayflex website launch: Infrastructure & security
Copeland expands with MJ Tyson Security contracts

Copeland expands with MJ Tyson Security contracts
Signicat acquires Inverid: Boosting NFC verification

Signicat acquires Inverid: Boosting NFC verification
Featured products
Dahua Smart Dual Illumination Active Deterrence Network PTZ Camera

Dahua Smart Dual Illumination Active Deterrence Network PTZ Camera
Hikvision DS-K6B630TX: Smart Pro Swing Barrier for Modern Access Control

Hikvision DS-K6B630TX: Smart Pro Swing Barrier for Modern Access Control
Climax Mobile Lite: Advanced Personal Emergency Response System (PERS)

Climax Mobile Lite: Advanced Personal Emergency Response System (PERS)