Researchers at Zscaler have reported on one of these third-party app stores: Smart Content Store, available via sexy.smartcontentstore[.]com and games.smartcontentstore[.]com, and offering new and updated apps. But Smart Content Store doesn’t deliver standard Android apps — it always delivers an APK for one particular malicious app.
“We started seeing payloads for this strain from mid-February,” Deepen Desai, VP of security research and operations at Zscaler, told SecurityWeek; “and have seen 47 unique payloads all of which have different package names and certificates, but exhibit the same functionality.”