Recently, a significant security threat has emerged involving the Konfety Group, a Russian cybercrime organization. The group has been identified as targeting Android users globally through a campaign using malicious apps disguised as legitimate ones. Known collectively as the “Konfety Apps,” these malicious applications were distributed via the Google Play Store before being removed. The primary aim of this campaign appears to be advertisement fraud, which the attackers achieve through a sophisticated modus operandi.
The attackers employ advertising campaigns to promote modified APKs (Android Application Packages) that redirect users to download these malicious apps. The Konfety malware involves a dropper APK, which further loads an obfuscated stager and a backdoored SDK. This makes the malware highly evasive and difficult to detect. The decoy apps used in this campaign appear harmless but are actually designed to commit ad fraud, install secondary payloads, and facilitate code injection.
While Google has removed the Konfety apps from the Play Store, users who have installed any of these malicious apps should take the following steps:
Step | Action |
---|---|
1 | Uninstall: Immediately uninstall the specific Konfety app. |
2 | Factory Reset: Perform a factory reset on your device. |
3 | Backup: Take a backup of personal media files (excluding device/system apps). |
4 | Permissions: Restrict unnecessary app permissions and set them to “While Using App Only.” |
5 | Source: Download and install software only from official app stores like the Play Store or the iOS App Store. |
6 | Updates: Keep your smartphone, OS, and apps updated. |
7 | Monitor: Regularly check the smart devices/Wi-Fi data usage of apps installed on your device. |
8 | Security Software: Use reputable anti-virus and internet security software. |
List of Konfety Malicious Evil Twin Decoy Apps
Below is a list of the malicious apps identified and removed from the Google Play Store. The complete list is available for download.
Ser | App Name |
---|---|
1 | Best Status |
2 | Learn English Urdu |
3 | Akbar |
4 | Galaxy Fighter |
5 | Dream Head Soccer |
6 | Drive me |
7 | Sweet Candy Cream Rain |
8 | Double Co |
9 | Block Puzzle |
10 | Goddess Photo |
… | … |
240 | Dict En Hi Free |
241 | Picture Game |
242 | Nbzh |
243 | Fallin Ball |
244 | English Audio Story |
245 | Flib Bottle |
246 | Stickman Backflip Pro |
247 | Coloring App |
248 | Slime Wallpapers |
249 | TSR |
250 | Hidden Object |
The Konfety Group’s attack highlights the importance of vigilance when downloading apps and managing app permissions. By following the recommended mitigation steps, users can protect themselves from the harmful effects of these malicious applications.