Security News > 2023 > August > Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection
Threat actors are using Android Package files with unknown or unsupported compression methods to elude malware analysis.
"In order to do that, the APK, is using an unsupported decompression method."
The advantage of such an approach is its ability to resist decompilation tools, while still being able to be installed on Android devices whose operating system version is above Android 9 Pie.
Roid packages use the ZIP format in two modes, one without compression and one using the DEFLATE algorithm.
The crucial finding here is that APKs packed using unsupported compression methods are not installable on handsets running Android versions below 9, but they work properly on subsequent versions.
The disclosure comes weeks after Google revealed that threat actors are leveraging a technique called versioning to evade its Play Store's malware detections and target Android users.
News URL
https://thehackernews.com/2023/08/thousands-of-android-malware-apps-using.html
Related news
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- Vo1d malware botnet grows to 1.6 million Android TVs worldwide (source)
- BadBox malware disrupted on 500K infected Android devices (source)
- North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps (source)
- New Android malware uses Microsoft’s .NET MAUI to evade detection (source)
- APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)