Recent Android malware successfully uploads its APKs to Google Play by
hiding its malicious code in separate .dex libs, dynamically loading them at
a specific time, and thus bypassing the app store tests.
I've created a POC that does just that, but instead of loading code from
local assets (as I've seen in some malware), I first downloaded it from a
server (making it harder to detect) and only then side-loaded it into the app's code.
This can be changed to be run after a specific time or activity with a switch,
so the malicious code won't run on Google Play's tests.
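
For reviewers, the pattern described above (a runtime class loader combined with a network or asset source for the .dex) can be triaged statically in decompiled smali. This is an added example, not code from this POC; `scan_smali`, the file paths and the sample smali are constructed for illustration.

```python
import re

# Framework classes that load .dex code at run time (smali type descriptors).
LOADERS = {"Ldalvik/system/DexClassLoader;",
           "Ldalvik/system/PathClassLoader;",
           "Ldalvik/system/InMemoryDexClassLoader;"}
# Where a loaded .dex could come from: fetched from a server or bundled locally.
SOURCES = {"Ljava/net/URL;": "network",
           "Ljava/net/HttpURLConnection;": "network",
           "Ljavax/net/ssl/HttpsURLConnection;": "network",
           "Landroid/content/res/AssetManager;": "assets"}
# Class targeted by an invoke-* or new-instance instruction; string constants are ignored.
CALL = re.compile(r"^\s*(?:invoke-[\w/-]+|new-instance)\s[^\n]*?(L[\w/$]+;)", re.M)

def scan_smali(files):
    """files maps a smali path to its text; returns a triage report."""
    loaders, sources = {}, {}
    for path, text in files.items():
        for target in CALL.findall(text):
            if target in LOADERS:
                loaders.setdefault(path, set()).add(target)
            elif target in SOURCES:
                sources.setdefault(SOURCES[target], set()).add(path)
    if not loaders:
        verdict = "no-dynamic-loading"
    elif "network" in sources:
        verdict = "loads-code-and-uses-network"  # highest review priority
    elif "assets" in sources:
        verdict = "loads-code-and-reads-assets"
    else:
        verdict = "loads-code"
    return {"verdict": verdict, "loaders": loaders, "sources": sources}

# Constructed sample input (hypothetical package, not taken from any real app).
SAMPLE = {
    "smali/com/example/Updater.smali": """
    new-instance v0, Ljava/net/URL;
    invoke-direct {v0, v1}, Ljava/net/URL;-><init>(Ljava/lang/String;)V
    invoke-virtual {v0}, Ljava/net/URL;->openConnection()Ljava/net/URLConnection;
""",
    "smali/com/example/Plugin.smali": """
    new-instance v2, Ldalvik/system/DexClassLoader;
    invoke-direct {v2, v3, v4, v5, v6}, Ldalvik/system/DexClassLoader;-><init>(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/ClassLoader;)V
""",
}

if __name__ == "__main__":
    print(scan_smali(SAMPLE))
```

A hit is a prompt for manual review, not a verdict of malice: legitimate plugin and update frameworks use the same classes.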
From the creators of TheNiceRansomware, I give you: