A new variant of the Konfety malware targets high-end Android devices using sophisticated evasion techniques, including distorted APK files to avoid detection. This version disguises itself as legitimate applications, imitating popular apps on the Google Play Store. It employs an 'evil twin' tactic, emphasizing the need to download software only from trusted publishers and avoiding third-party APKs. The malware can redirect users to harmful websites, install unwanted software, and generate misleading notifications. It displays ads through the CaramelAds SDK and can exfiltrate sensitive data such as installed applications and network configurations. Konfety can conceal its app icon and name, using geofencing to alter behavior based on location, and employs an encrypted DEX file to hide services. To evade analysis, it manipulates APK files to appear encrypted, causing misleading prompts during inspection, and compresses critical files with BZIP, leading to parsing failures. Users are advised to avoid sideloading apps, ensure Google Play Protect is enabled, and consider installing a reputable antivirus to enhance security.