https://threatpost.com/gunpoder-android-malware-hides-malicious-behaviors-in-adware/113654
"The Gunpoder malware is spreading via third-party Android app stores hiding in a Nintendo Entertainment System (NES) video game emulator that is freely available online. The attackers are seeding the emulator with an aggressive ad library called Airpush, and hiding malicious behaviors such as the collection of device and user data and communication with an attacker’s server in the library knowing that security technologies will detect it as adware and mark it benign."
"Gunpoder targets Android users in at least 13 different countries, including Iraq, Thailand, India, Indonesia, South Africa, Russia, France, Mexico, Brazil, Saudi Arabia, Italy, the United States, and Spain. One interesting observation from the reverse engineering of Gunpoder is that this new Android family only propagates among users outside of China."