Yeah, I read articles calling it sophisticated. This is a super simple and straight forward worm. Disguise yourself as a known app and ask for more permission than you should. IDN exploits [0] and attachment faking [1] are more sophisticated if anything.
Its sophisticated in the sense that it makes you trust them and willingly share your information with them. It doesn't rely on some brute force method or some complicated hacking method, it simply rely on a modern workflow that people are used to go through without thinking twice about it. It is simple and incredibly efficient.
[0] https://www.wordfence.com/blog/2017/04/chrome-firefox-unicod...
[1] http://fortune.com/2017/01/18/google-gmail-scam-phishing/