
tldr - powered by Generative AI

The new Android trojan 'SoumniBot' evades detection by using clever tricks in the manifest extraction and parsing process.
  • SoumniBot uses invalid compression method values to store the manifest file's data uncompressed, tricking the Android APK parser.
  • The trojan misrepresents the manifest file size, causing the parser to ignore the 'overlay' data and only copy the 'uncompressed' file.
  • SoumniBot uses very long XML namespace names in the manifest file so that analysis tools fail to allocate enough memory for them.
  • The malware searches for digital certificates issued by Korean banks, a technique uncommon for Android banking malware.
  • SoumniBot is designed to collect and send sensitive information, manipulate device settings, and evade detection by hiding its icon.
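The three manifest-level tricks listed above all leave traces in the APK's zip headers or in the manifest payload itself, so a triage script can flag them before any Android-specific tooling touches the file. The checker below is an added example, not code from the original page or from the researchers who analysed SoumniBot. It assumes a few things for illustration: the 256-character namespace threshold is a made-up heuristic, the sample "APK" is a constructed zip with a plain-text manifest standing in for the real binary XML, and `corrupt_manifest_header` exists only to build test samples for the checker.

```python
"""Triage an APK's AndroidManifest.xml entry for the manifest tricks above.

Added example (not the page's or the researchers' code).  Assumptions:
NAMESPACE_LIMIT is an illustrative threshold, and build_sample_apk()
constructs a stand-in APK with a text manifest instead of binary XML.
"""
import io
import re
import struct
import zipfile
import zlib

MANIFEST = "AndroidManifest.xml"
VALID_METHODS = {zipfile.ZIP_STORED, zipfile.ZIP_DEFLATED}  # the only methods APK parsers accept
NAMESPACE_LIMIT = 256  # assumed threshold: genuine namespace URIs are far shorter
LOCAL_SIG, CENTRAL_SIG = b"PK\x03\x04", b"PK\x01\x02"
# (offset in local header, offset in central directory entry, struct format)
FIELDS = {"method": (8, 10, "<H"), "csize": (18, 20, "<I")}


def local_header(data, offset):
    """Parse the fixed 30-byte local file header at `offset`.
    Returns (flags, method, compressed_size, uncompressed_size, data_start)."""
    if data[offset:offset + 4] != LOCAL_SIG:
        raise ValueError("no local file header at offset %d" % offset)
    (_, flags, method, _, _, _, csize, usize,
     nlen, xlen) = struct.unpack("<HHHHHIIIHH", data[offset + 4:offset + 30])
    return flags, method, csize, usize, offset + 30 + nlen + xlen


def longest_printable_run(blob):
    """Longest run of printable ASCII, in characters, tried as both UTF-8 and
    UTF-16LE because binary-XML string pools may use either encoding."""
    utf8 = max((len(m) for m in re.findall(rb"[\x20-\x7e]+", blob)), default=0)
    utf16 = max((len(m) // 2 for m in re.findall(rb"(?:[\x20-\x7e]\x00)+", blob)), default=0)
    return max(utf8, utf16)


def manifest_findings(apk):
    """Return a list of findings for the AndroidManifest.xml entry ([] means clean)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        try:
            info = zf.getinfo(MANIFEST)  # central directory view of the entry
        except KeyError:
            return ["manifest entry missing"]
        offsets = sorted(i.header_offset for i in zf.infolist())
    flags, method, csize, usize, start = local_header(apk, info.header_offset)
    streamed = bool(flags & 0x8)  # sizes then live in a trailing data descriptor
    # Trick 1: a compression method value outside the two that Android accepts.
    if info.compress_type not in VALID_METHODS:
        findings.append("invalid compression method %d" % info.compress_type)
    if method != info.compress_type:
        findings.append("local header method %d disagrees with central directory" % method)
    # Trick 2: declared sizes that disagree, or that leave unexplained bytes
    # ('overlay') between the declared end of the manifest and the next entry.
    if not streamed and (csize, usize) != (info.compress_size, info.file_size):
        findings.append("size fields disagree between local header and central directory")
    later = [o for o in offsets if o > info.header_offset]
    end = later[0] if later else apk.find(CENTRAL_SIG, start)
    slack = end - (start + info.compress_size)
    if slack > (16 if streamed else 0):  # a data descriptor may legitimately follow
        findings.append("%d overlay bytes follow the declared manifest data" % slack)
    elif slack < 0:
        findings.append("declared manifest size overruns the next entry")
    # Trick 3: absurdly long strings (namespace names) anywhere in the payload span.
    payload = apk[start:end]
    if method == zipfile.ZIP_DEFLATED:
        try:
            payload = zlib.decompress(payload[:info.compress_size], -15)
        except zlib.error:
            findings.append("manifest does not inflate")
    run = longest_printable_run(payload)
    if run > NAMESPACE_LIMIT:
        findings.append("string of %d chars in manifest exceeds %d" % (run, NAMESPACE_LIMIT))
    return findings


def build_sample_apk(namespace_len=40):
    """Constructed stand-in for an APK: a stored text manifest plus a dummy dex.
    Real manifests are binary XML; plain text is enough to exercise the checks."""
    ns = "http://schemas.android.com/apk/res/" + "a" * namespace_len
    manifest = ('<manifest xmlns:android="%s" package="example.test"/>' % ns).encode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(MANIFEST, manifest, compress_type=zipfile.ZIP_STORED)
        zf.writestr("classes.dex", b"dex\n035\0" + b"\0" * 32, compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()


def corrupt_manifest_header(apk, field, value):
    """Test fixture only: rewrite one manifest header field in both the local
    header and the central directory so the checker has something to catch."""
    local_off, central_off, fmt = FIELDS[field]
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        header_offset = zf.getinfo(MANIFEST).header_offset
    apk = bytearray(apk)
    struct.pack_into(fmt, apk, header_offset + local_off, value)
    pos = apk.find(CENTRAL_SIG)
    while pos != -1:  # walk the central directory until the manifest's entry
        nlen = struct.unpack_from("<H", apk, pos + 28)[0]
        if apk[pos + 46:pos + 46 + nlen] == MANIFEST.encode():
            struct.pack_into(fmt, apk, pos + central_off, value)
            break
        pos = apk.find(CENTRAL_SIG, pos + 1)
    return bytes(apk)


if __name__ == "__main__":
    print(manifest_findings(build_sample_apk()))
    print(manifest_findings(corrupt_manifest_header(build_sample_apk(), "method", 0x63)))
    print(manifest_findings(corrupt_manifest_header(build_sample_apk(), "csize", 60)))
    print(manifest_findings(build_sample_apk(namespace_len=400)))
```

The point of parsing the local header by hand rather than relying on `zipfile` alone is that the evasion works precisely because different parsers read different fields: Android's installer and a third-party unpacker can disagree on the compression method or on where the manifest data ends, so a checker has to compare the local header, the central directory and the actual byte span between entries. The string-length scan is deliberately encoding-agnostic because the real manifest is binary XML whose string pool may be UTF-8 or UTF-16.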
Tags: Android, trojan, SoumniBot, manifest extraction, parsing
