In a recent study, Zimperium uncovered a concerning trend in Android malware that uses a tricky method to hide itself from antivirus programs. This APK can be installed on Android devices with an OS version above Android 9 Pie (API 28), reducing the possibility of being analyzed.
How was this made possible
- According to researchers, it was achieved by using an unsupported decompression method in the APK, which is essentially a zip file.
- While the technique is not new and was first demonstrated in 2014, security researchers have begun noticing its impact only lately.
- For instance, Zimperium found over 3,000 APKs in the wild, using this suspicious compression technique.
- A rather concerning part is that these APKs were not found on the official Google Play Store, indicating distribution via third-party app stores or sideloading using some social engineering or phishing attack.
Another sneaky tactic emerging lately
- Just a few days back, Google revealed that hackers are still able to use a technique known as versioning to slip malware onto Android devices while evading the Play Store’s security processes.
- In this method, a developer releases an initial version of an app on the Play Store that passes Google's pre-publication checks but is later updated with a malware component.
- This is achieved by pushing an update from an attacker-controlled server to serve malicious code on the end user device using a method called Dynamic Code Loading (DCL), thus, turning the app into a backdoor.
Stay safe
Avoid sideloading apps on Android phones to prevent the risk of having this type of malware. The rule of thumb is that users must download apps only from official Play Store apps. However, if one still has to sideload an app for work, it is recommended to install it with utmost precaution.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_432177085.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/285c_shutterstock_2160496255.jpg)
