Security News > 2023 > August > Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection
Threat actors are using Android Package files with unknown or unsupported compression methods to elude malware analysis.
"In order to do that, the APK, is using an unsupported decompression method."
The advantage of such an approach is its ability to resist decompilation tools, while still being able to be installed on Android devices whose operating system version is above Android 9 Pie.
Roid packages use the ZIP format in two modes, one without compression and one using the DEFLATE algorithm.
The crucial finding here is that APKs packed using unsupported compression methods are not installable on handsets running Android versions below 9, but they work properly on subsequent versions.
The disclosure comes weeks after Google revealed that threat actors are leveraging a technique called versioning to evade its Play Store's malware detections and target Android users.
News URL
https://thehackernews.com/2023/08/thousands-of-android-malware-apps-using.html
Related news
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)
- New DroidBot Android banking malware spreads across Europe (source)
- New DroidBot Android malware targets 77 banking, crypto apps (source)
- Germany sinkholes BadBox malware pre-loaded on Android devices (source)
- Germany blocks BadBox malware loaded on 30,000 Android devices (source)
- Android malware found on Amazon Appstore disguised as health app (source)
- BadBox malware botnet infects 192,000 Android devices despite disruption (source)
- New FireScam Android malware poses as RuStore app to steal data (source)
- New FireScam Android data-theft malware poses as Telegram Premium app (source)