Hackers are using new compression technique to hide malware in APK files


Threat actors are always on the lookout for new ways to infiltrate your devices and gain unauthorized access. Now, according to a report from security firm Zimperium, a prominent participant in the ‘App Defense Alliance,’ hackers have found a new way to discreetly spread malware on devices by using a novel compression technique on APK files, which effectively makes the malware invisible to conventional security tools.

The new technique was first reported by Joe Security, who discovered an APK that remained unreadable to analysis tools while still executing normally on Android devices. Unlike traditional malware that triggers recognizable alarm bells, these tactics leave both antivirus programs and cybersecurity experts without a known pattern to match. One such tactic involves using filenames that exceed the 256-character limit, deliberately causing crashes in various analysis tools. Hackers also manipulate the AndroidManifest.xml file and employ malformed String Pools to disrupt tools that parse Android XML files.

To make matters worse, the report also identified a staggering 3,300 APKs that are presently employing these novel anti-analysis techniques. And although most of these APKs are corrupted beyond the point where Android can load them, a subset of 71 malicious APKs has been shown to run seamlessly on Android OS versions 9 (API 28) and later.

Not on the Play Store

Although the new type of malware could wreak havoc on Android users, the report highlights that none of the applications exploiting this new APK compression technique has breached Google’s Play Store. As a result, users who refrain from sideloading apps – that is, installing applications from sources outside the official Play Store – are presently safe.

Nonetheless, this report once again highlights the importance of exercising caution when downloading apps directly from the internet. In situations where external app sources are unavoidable, users should run antivirus scans on their devices and refrain from granting unnecessary permissions to apps.

2023-08-21 15:07:26