Researchers have found that mobile malware developers are exploiting a bug in the Google Android platform to insert malicious code into mobile apps without detection. The bug allows attackers to corrupt components of an app so that mobile security scanning tools ignore the new malicious code, while the app as a whole appears valid and is successfully installed. ThreatFabric, a security firm in Amsterdam, has seen an increase in the use of this obfuscation method since April 2023, which they attribute to a semi-automated malware-as-a-service offering in the cybercrime underground. Google has updated its app malware detection mechanisms in response to the findings.
https://krebsonsecurity.com/2023/08/how-malicious-android-apps-slip-into-disguise/