Home Security 1000’s of Android Malware Apps Utilizing Stealthy APK Compression to Evade Detection

1000’s of Android Malware Apps Utilizing Stealthy APK Compression to Evade Detection

by crpt os


Aug 19, 2023THNMobile Security / Malware

Threat actors are using Android Package (APK) files with unknown or unsupported compression methods to elude malware analysis.

That’s according to findings from Zimperium, which found 3,300 artifacts leveraging such compression algorithms in the wild. 71 of the identified samples can be loaded on the operating system without any problems.

There is no evidence that the apps were available on the Google Play Store at any point in time, indicating that the apps were distributed through other means, typically via untrusted app stores or social engineering to trick the victims into sideloading them.

Cybersecurity

The APK files use “a technique that limits the possibility of decompiling the application for a large number of tools, reducing the possibilities of being analyzed,” security researcher Fernando Ortega said. “In order to do that, the APK (which is in essence a ZIP file), is using an unsupported decompression method.”

The advantage of such an approach is its ability to resist decompilation tools, while still being able to be installed on Android devices whose operating system version is above Android 9 Pie.

The Texas-based cybersecurity firm said it started its own analysis after a post from Joe Security on X (previously Twitter) in June 2023 about an APK file that exhibited this behavior.

Cybersecurity

Android packages use the ZIP format in two modes, one without compression and one using the DEFLATE algorithm. The crucial finding here is that APKs packed using unsupported compression methods are not installable on handsets running Android versions below 9, but they work properly on subsequent versions.

In addition, Zimperium discovered that malware authors are also deliberately corrupting the APK files by having filenames with more than 256 bytes and malformed AndroidManifest.xml files to trigger crashes on analysis tools.

The disclosure comes weeks after Google revealed that threat actors are leveraging a technique called versioning to evade its Play Store’s malware detections and target Android users.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex