Attackers are starting to move on from simple attacks, mainly because users are beginning to figure out that the free adult entertainment or chat app shouldn't be sending SMS messages to expensive numbers. They're leveraging techniques from PC malware like server-side polymorphism, vulnerability exploits, botnets and network updates, and preemptive/direct attacks against security software. It's not all that bad. Attackers aren't going out of their way to discover their own vulnerabilities or writing their own exploits. They're happy to re-purpose the work done by legitimate developers, security researchers, and the rooting community. If the malware has gotten trickier, what are those tricks? A look at portions of code and how earlier research is adapted by attackers.