An Android spyware family is using the Droid plugin open-source sandbox to evade detection by anti-virus software installed on infected devices. The offending trojan, which goes by the name Triada, has been targeting Android users since at least mid-2016. Triada uses the sandbox to invoke malicious APK plugins it hides in its asset directory. One plugin communicates with the malwares command and control (C&C) server, for example. Another enables the program to conduct radio monitoring of the device.”]