Researchers found a new version of the Tushu SDK, which was seen infecting apps on Google Play earlier this year. The lookalike “Twoshu” SDK contains obfuscation and anti-analysis tactics. It could display full-screen ads out of the app’s context, meaning ads could appear even if the app wasn’t running in the foreground. Researchers published their analysis, and Crazy Brainstorming was taken down in March 2019. The White Ops Threat Intelligence Team plans to continue monitoring this SDK for continued attacks.”]