The modified apps are identical to their original counterparts and perform their legit functions normally and download a payload as an Android Dalvik executable file after profiling the victim’s phone. Most of the malicious features are embedded in the DEX payload.
Read full article on HackRead