Android APK malformation that evades static analysis
Technical Analysis
Summary
Hide ▲
Show ▼
Android APK malformation has become a widely used malware evasion technique, affecting more than 3000 samples and undermining static analysis workflows. The tactic keeps malicious apps runnable while causing tools such as JADX to crash or misread package contents. That raises the cost of reverse engineering and increases the need for repair and normalization tooling.
Related Happenings
Mini Shai-Hulud npm supply-chain malware wave
Malware Activity
H score68
First: 12.05.2026 14:07
Last: 12.05.2026 14:07
Sources 1
About this happening:
The **Mini Shai-Hulud** npm **malware activity** now includes the **Miasma** variant affecting **Microsoft GitHub repositories** in a self-replicating **supply-chain campaign**. O...
Mini Shai-Hulud npm supply-chain malware wave
Malware ActivityAbout this happening: The **Mini Shai-Hulud** npm **malware activity** now includes the **Miasma** variant affecting **Microsoft GitHub repositories** in a self-replicating **supply-chain campaign**. O...
Latest development: 09.06.2026 18:42
On June 5, Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub after concerns about potential malicious content tied to the Miasma/Shai-Hulud supply-chain campaign. The action disrupted continuous integration pipelines and broke workflows that depended on Azure/functions-action, while Microsoft said it temporarily removed some repositories during its investigation.
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical Analysis
H score33
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
**Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical AnalysisAbout this happening: **Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Mirax Android banking trojan with residential proxy nodes
Malware Activity
H score37
First: 13.04.2026 17:30
Last: 13.04.2026 17:30
Sources 1
About this happening:
Mirax is spreading across **Europe** with **remote access** and **residential proxy** features, increasing the risk of device compromise, data theft, and traffic abuse. The Androi...
Mirax Android banking trojan with residential proxy nodes
Malware ActivityAbout this happening: Mirax is spreading across **Europe** with **remote access** and **residential proxy** features, increasing the risk of device compromise, data theft, and traffic abuse. The Androi...
Android RAT campaign using Hugging Face dropper lure
Campaign
H score37
First: 16.02.2026 12:24
Last: 16.02.2026 12:24
Sources 1
About this happening:
In recent weeks, a **live Android RAT campaign** has used **Hugging Face** to deliver malicious APKs through a fake-update lure. The operation starts with a dropper app, such as *...
Android RAT campaign using Hugging Face dropper lure
CampaignAbout this happening: In recent weeks, a **live Android RAT campaign** has used **Hugging Face** to deliver malicious APKs through a fake-update lure. The operation starts with a dropper app, such as *...
Timeline
-
16.04.2026 18:45 2 articles · 2mo ago
Cleafy reports APK malformation as an Android malware evasion tactic
Technical Analysis UpdateCleafy's Threat Intelligence and Incident Response team says APK malformation uses broken or non-standard APK structures to keep malicious Android apps installable and runnable while causing static analysis tools such as JADX to crash or misinterpret the file; the technique has been identified in more than 3000 malicious samples across Teabot, TrickMo, Godfather and SpyNote, and the team released Malfixer on GitHub to detect, repair and rebuild malformed APKs for conventional reverse engineering tools.
Show sources
- APK Malformation Found in Thousands of Android Malware Samples — www.infosecurity-magazine.com — 16.04.2026 18:45
- APK Malformation Found in Thousands of Android Malware Samples — www.infosecurity-magazine.com — 16.04.2026 18:45