Security News > 2023 > August > Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection
Threat actors are using Android Package files with unknown or unsupported compression methods to elude malware analysis.
"In order to do that, the APK, is using an unsupported decompression method."
The advantage of such an approach is its ability to resist decompilation tools, while still being able to be installed on Android devices whose operating system version is above Android 9 Pie.
Roid packages use the ZIP format in two modes, one without compression and one using the DEFLATE algorithm.
The crucial finding here is that APKs packed using unsupported compression methods are not installable on handsets running Android versions below 9, but they work properly on subsequent versions.
The disclosure comes weeks after Google revealed that threat actors are leveraging a technique called versioning to evade its Play Store's malware detections and target Android users.
News URL
https://thehackernews.com/2023/08/thousands-of-android-malware-apps-using.html
Related news
- New FireScam Android malware poses as RuStore app to steal data (source)
- New FireScam Android data-theft malware poses as Telegram Premium app (source)
- FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices (source)
- DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)