A security engineer for Google Android security found a new anti-analysis library being used by a few large malicious campaigns in the Android ecosystem. Maddie Stone describes the defense architecture as a “wedding cake” because there are many layers to the defense. One of the primary campaigns she’s seen uses this library to re-launch Chamois, a Trojan that Google engineers were able to shut down in 2017. The attackers are depending on users willing to side-load software to gain entry to a particular Android phone, she says.”]