Security News > 2023 > August > Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection
Threat actors are using Android Package files with unknown or unsupported compression methods to elude malware analysis.
"In order to do that, the APK, is using an unsupported decompression method."
The advantage of such an approach is its ability to resist decompilation tools, while still being able to be installed on Android devices whose operating system version is above Android 9 Pie.
Roid packages use the ZIP format in two modes, one without compression and one using the DEFLATE algorithm.
The crucial finding here is that APKs packed using unsupported compression methods are not installable on handsets running Android versions below 9, but they work properly on subsequent versions.
The disclosure comes weeks after Google revealed that threat actors are leveraging a technique called versioning to evade its Play Store's malware detections and target Android users.
News URL
https://thehackernews.com/2023/08/thousands-of-android-malware-apps-using.html
Related news
- New Android malware uses Microsoft’s .NET MAUI to evade detection (source)
- APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- New Crocodilus malware steals Android users’ crypto wallet keys (source)
- Counterfeit Android devices found preloaded With Triada malware (source)
- Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices (source)
- SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps (source)
- New Android malware steals your credit cards for NFC relay attacks (source)
- SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks (source)
- Russian army targeted by new Android malware hidden in mapping app (source)