The attackers are gaining (https://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html ) the popularity of darknet is a service that allows you to plant malicious code in legitimate Android applications. The developers claim that their builds are not detected during operation and bypass the protection of Google Play. The main requirement for the application is that it can be decompiled by apktool.
To bypass detection, the malware is loaded under the guise of a plugin after installation. Malicious code is bound to the original in small chunks, hence the apt name of the dropper – Zombinder. Ermac and Xenomorph infostilers have already been noticed in the network wilds, hooked up to half a dozen applications. So between chatbots writing phishing emails for you and similar services, the entry threshold for novice mom’s cybercriminals becomes very low.