VERY IMPORTANT

The “Deceive the Heavens to Cross the sea” stratagem comes from the first chapter of the ‘Thirty-Six Stratagems’, a famous Chinese collection of tactics and techniques used in politics, war and civil life. It translates to “hide in plain sight” or “mask your true goals”. Android banking trojan actors have taken this stratagem to heart and have been very adaptable over years to new Google Play app store restrictions introduced to limit their operations. These restrictions include setting limitations on the use of certain (dangerous) app permissions, which play a big role in distributing or automating malware tactics.