We recently came across mobile malware that uses a sandbox, like the malware that posed as dual instance and took advantage of VirtualApp, to steal user’s Twitter credentials. We suspect that cybercriminals are once again using a sandbox to try to avoid antivirus detection.