The same app, now a contact-wiper: an APK repackaging attack on Apple Silicon
Take a trusted Android app, inject a payload, and re-sign it so it still installs as legitimate — then do the whole thing on an M-series Mac instead of the prescribed Ubuntu VM, where four things break that no tutorial warns you about.