New Android Package Files Employ Unknown Compression Methods to Evade Malware Analysis
– Kathryn Hernandez
Cybersecurity firm Zimperium has uncovered threat actors using Android Package (APK) files with unknown or unsupported compression methods to avoid detection during malware analysis. Zimperium identified 3,300 artifacts using these compression algorithms, 71 of which loaded onto the Android operating system without issues. None of these apps were distributed through the Google Play Store, suggesting they were spread through untrusted app stores or social engineering. The APK files use a compression method that analysis tools do not support, which limits decompilation and analysis; the technique works on devices running Android versions above Android 9 Pie. Zimperium's investigation was prompted by a post from Joe Security on X (previously Twitter) in June 2023. The APK files also carry intentionally corrupted filenames and AndroidManifest.xml files that crash analysis tools, making it harder for analysts to assess the malware's behavior. This discovery follows Google's recent disclosure of threat actors using versioning techniques to evade malware detection on its Play Store, and it poses a significant risk to Android users' security.
Link: https://dtgreviews.com/uncategorised/thousands-of-android-malware-apps-using-stealthy-apk-compression-to-evade-detection/166161/
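The traits described above (a non-standard compression method id in the ZIP central directory, corrupted entry names, and a damaged manifest) can be triaged without ever decompressing the archive. The following Python script is an added example written for this summary; it is not Zimperium's or Joe Security's tooling and it does not reproduce any of the real samples. It assumes that Android's APK loader accepts only ZIP methods 0 (stored) and 8 (deflate), that a binary AndroidManifest.xml begins with the chunk header bytes `03 00 08 00`, and it builds its own constructed sample in memory, using the arbitrary, made-up method id 0x1234 to stand in for an unsupported algorithm.

```python
import struct
import zlib

# Only these two ZIP methods are accepted by Android's APK loader (assumption stated in the lead-in).
ANDROID_SUPPORTED_METHODS = {0, 8}
# Method ids defined by the ZIP specification, for labelling findings only.
KNOWN_ZIP_METHOD_NAMES = {0: "stored", 8: "deflate", 12: "bzip2", 14: "lzma",
                          93: "zstd", 95: "xz", 98: "ppmd"}
AXML_MAGIC = b"\x03\x00\x08\x00"  # ResXMLTree_header: type 0x0003, header size 8

LFH_SIG, CDH_SIG, EOCD_SIG = 0x04034B50, 0x02014B50, 0x06054B50


def build_zip(entries):
    """Build an in-memory ZIP from (name_bytes, data_bytes, method) tuples.
    Method 8 entries are really deflated; any other id stores the raw bytes,
    which lets the constructed sample forge an unsupported method id."""
    out, central = bytearray(), bytearray()
    for name, data, method in entries:
        if method == 8:
            comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw deflate, no zlib header
            payload = comp.compress(data) + comp.flush()
        else:
            payload = data
        crc = zlib.crc32(data) & 0xFFFFFFFF
        offset = len(out)
        out += struct.pack("<IHHHHHIIIHH", LFH_SIG, 20, 0, method, 0, 0, crc,
                           len(payload), len(data), len(name), 0) + name + payload
        central += struct.pack("<IHHHHHHIIIHHHHHII", CDH_SIG, 20, 20, 0, method, 0, 0, crc,
                               len(payload), len(data), len(name), 0, 0, 0, 0, 0, offset) + name
    cd_offset = len(out)
    out += central
    out += struct.pack("<IHHHHIIH", EOCD_SIG, 0, 0, len(entries), len(entries),
                       len(central), cd_offset, 0)
    return bytes(out)


def parse_central_directory(blob):
    """Walk the central directory (the record the Android loader trusts) and
    return one dict per entry without touching any compressed payload."""
    eocd_at = blob.rfind(struct.pack("<I", EOCD_SIG))
    if eocd_at < 0:
        raise ValueError("no end-of-central-directory record")
    _, _, _, _, total, _, cd_offset, _ = struct.unpack_from("<IHHHHIIH", blob, eocd_at)
    entries, pos = [], cd_offset
    for _ in range(total):
        f = struct.unpack_from("<IHHHHHHIIIHHHHHII", blob, pos)
        if f[0] != CDH_SIG:
            raise ValueError("corrupt central directory header")
        method, csize, nlen, xlen, clen, offset = f[4], f[8], f[10], f[11], f[12], f[16]
        entries.append({"name": blob[pos + 46:pos + 46 + nlen], "method": method,
                        "csize": csize, "offset": offset})
        pos += 46 + nlen + xlen + clen
    return entries


def read_entry_data(blob, entry):
    """Read an entry through its local header; returns None for methods we cannot decode."""
    off = entry["offset"]
    sig, _, _, _, _, _, _, _, _, nlen, xlen = struct.unpack_from("<IHHHHHIIIHH", blob, off)
    if sig != LFH_SIG:
        raise ValueError("corrupt local file header")
    start = off + 30 + nlen + xlen
    raw = blob[start:start + entry["csize"]]
    if entry["method"] == 0:
        return raw
    if entry["method"] == 8:
        return zlib.decompress(raw, -15)
    return None


def triage_apk(blob):
    """Return human-readable findings for the evasion traits the article describes."""
    findings = []
    entries = parse_central_directory(blob)
    for e in entries:
        name, method = e["name"], e["method"]
        if method not in ANDROID_SUPPORTED_METHODS:
            label = KNOWN_ZIP_METHOD_NAMES.get(method, "unknown")
            findings.append(f"{name!r}: compression method {method} ({label}) "
                            "is not supported by Android's APK loader")
        try:
            text = name.decode("utf-8")
        except UnicodeDecodeError:
            findings.append(f"{name!r}: filename is not valid UTF-8")
            continue
        if any(ord(c) < 0x20 for c in text) or "../" in text or text.startswith("/"):
            findings.append(f"{text!r}: suspicious characters or path in filename")
    manifest = next((e for e in entries if e["name"] == b"AndroidManifest.xml"), None)
    if manifest is None:
        findings.append("AndroidManifest.xml missing from archive")
    else:
        data = read_entry_data(blob, manifest)
        if data is not None and data[:4] != AXML_MAGIC:
            findings.append("AndroidManifest.xml does not start with a binary-XML chunk header")
    return findings


def constructed_sample():
    """Constructed test archive, not a real malware artifact: a sane manifest,
    a classes.dex entry with a forged method id, and a corrupted filename."""
    manifest = AXML_MAGIC + b"\x00" * 12
    return build_zip([
        (b"AndroidManifest.xml", manifest, 8),
        (b"classes.dex", b"dex\n035\x00" + b"\x00" * 32, 0x1234),  # made-up method id
        (b"res/\x00\xff\x01.xml", b"<x/>", 0),                      # corrupted name
    ])


if __name__ == "__main__":
    for line in triage_apk(constructed_sample()):
        print(line)
```

Reading the central directory directly matters here: stock tooling such as Python's `zipfile` lists such entries but raises `NotImplementedError` as soon as it tries to open one, and a corrupted filename or manifest is exactly what trips the analysis tools the article mentions, so a triage step should surface these traits before any decompression is attempted.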