In 2016, a sophisticated malware campaign targeting Pakistani nationals made headlines. Dubbed Bitter, the Advanced Persistent Threat group (also known as APT-C-08) has been active in both desktop and mobile malware campaigns for quite a long time, with activity that seems to date back to 2014.
This paper is a technical account of the developments related to Bitter, its evolution and how, steadily and surely, threat actors are upping their game and poking holes in Google Play to use it as a propagation vector.