Security News > 2023 > August > Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection
Threat actors are using Android Package files with unknown or unsupported compression methods to elude malware analysis.
"In order to do that, the APK, is using an unsupported decompression method."
The advantage of such an approach is its ability to resist decompilation tools, while still being able to be installed on Android devices whose operating system version is above Android 9 Pie.
Roid packages use the ZIP format in two modes, one without compression and one using the DEFLATE algorithm.
The crucial finding here is that APKs packed using unsupported compression methods are not installable on handsets running Android versions below 9, but they work properly on subsequent versions.
The disclosure comes weeks after Google revealed that threat actors are leveraging a technique called versioning to evade its Play Store's malware detections and target Android users.
News URL
https://thehackernews.com/2023/08/thousands-of-android-malware-apps-using.html
Related news
- TrickMo malware steals Android PINs using fake lock screen (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Android malware "FakeCall" now reroutes bank calls to attackers (source)
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- Cyber crooks push Android malware via letter (source)