BadPack's set of APK files makes it difficult to detect Trojans for Android

A set of malicious APK files, dubbed "BadPack", makes it difficult to detect malware in applications for the Android mobile operating system. Researchers attribute recent successful attacks by banking Trojan operators such as TeaBot to BadPack.

The distinguishing feature of BadPack is a modified header inside the APK file, which is itself a ZIP archive. This modification hinders the reverse-engineering tools analysts rely on.

A team of specialists from Unit 42 (part of Palo Alto Networks) notes in a new report covering last year's statistics that researchers detected about 9,200 BadPack samples in Android applications.

Some of these applications were even hosted on the official Google Play Store, although Google later announced that it had removed all of the malware mentioned.

BadPack may well be the reason for the difficulties experts have faced when analyzing Android malware.

"APKs that use BadPack clearly demonstrate the growing complexity of malware in the APK format. Being quite a complex task for information security analysts, BadPack once again emphasizes the need for constant development of countermeasure tools," explains Lee Wei Yong of Unit 42.

To make sample analysis more difficult, the attackers alter the ZIP header of a BadPack APK file. The technique is used by several well-known Android Trojans: TeaBot, BianLian, and Cerberus.

By modifying the header structure, the cybercriminals cause the APK file to produce an error when the archive is unpacked and AndroidManifest.xml is decoded.

"This method causes a chain reaction of errors in the static analysis process. As a result, the file cannot be read and processed," notes Lee Wei Yong.
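The post says only that the "ZIP header" is altered so that unpacking AndroidManifest.xml fails. A ZIP archive carries the same metadata twice (once in each entry's local file header, once in the central directory at the end of the file), so a practical triage check is to cross-validate the two and to pull the manifest out using only the central directory, which is what the Android runtime itself trusts. The Python script below is an added example written for this page, not code from Unit 42 or from any of the Trojans named. It builds a tiny ZIP in memory as a stand-in for an APK (a constructed sample; the manifest body is a placeholder string, not real Android binary XML), and the assumption that the tampering lives in the local file header's compression-method and size fields is the author's illustrative choice, not a claim the page makes.

```python
import io
import struct
import zipfile
import zlib

LOCAL_HEADER_SIG = b"PK\x03\x04"
# sig, version, flags, method, mtime, mdate, crc32, compressed size, uncompressed size, name len, extra len
LOCAL_HEADER_FMT = "<4sHHHHHIIIHH"
LOCAL_HEADER_LEN = struct.calcsize(LOCAL_HEADER_FMT)  # 30 bytes

MANIFEST = "AndroidManifest.xml"
MANIFEST_BODY = b"<manifest package='com.example.sample'/>"  # constructed placeholder, not binary XML


def build_sample_apk(tamper: bool) -> bytes:
    """Constructed sample: a minimal APK-like ZIP. With tamper=True the local file
    header of AndroidManifest.xml is overwritten (assumed tampering pattern) while
    the central directory is left intact."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(MANIFEST, MANIFEST_BODY)
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 32)
    data = bytearray(buf.getvalue())
    if tamper:
        with zipfile.ZipFile(io.BytesIO(bytes(data))) as zf:
            off = zf.getinfo(MANIFEST).header_offset
        struct.pack_into("<H", data, off + 8, 0x0063)   # compression method -> bogus value
        struct.pack_into("<II", data, off + 18, 0, 0)   # compressed / uncompressed size -> 0
    return bytes(data)


def check_local_headers(apk: bytes) -> dict:
    """Cross-check every central directory entry against its local file header.
    Returns {entry name: [mismatch descriptions]}; an empty list means consistent."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        for info in zf.infolist():
            off = info.header_offset
            hdr = apk[off:off + LOCAL_HEADER_LEN]
            if len(hdr) < LOCAL_HEADER_LEN or hdr[:4] != LOCAL_HEADER_SIG:
                findings[info.filename] = ["no local file header signature at offset %d" % off]
                continue
            _, _, flags, method, _, _, crc, csize, usize, nlen, _ = struct.unpack(LOCAL_HEADER_FMT, hdr)
            issues = []
            local_name = apk[off + LOCAL_HEADER_LEN:off + LOCAL_HEADER_LEN + nlen]
            if local_name != info.filename.encode("utf-8"):
                issues.append("name: central %r vs local %r" % (info.filename, local_name))
            if method != info.compress_type:
                issues.append("compression method: central %d vs local %d" % (info.compress_type, method))
            if not flags & 0x0008:  # no data descriptor, so the local sizes and CRC must be real
                if csize != info.compress_size:
                    issues.append("compressed size: central %d vs local %d" % (info.compress_size, csize))
                if usize != info.file_size:
                    issues.append("uncompressed size: central %d vs local %d" % (info.file_size, usize))
                if crc != info.CRC:
                    issues.append("crc32: central %08x vs local %08x" % (info.CRC, crc))
            findings[info.filename] = issues
    return findings


def recover_manifest(apk: bytes) -> bytes:
    """Extract AndroidManifest.xml trusting only central directory metadata; the local
    header is consulted just for the name/extra lengths needed to find the data start."""
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        info = zf.getinfo(MANIFEST)
    off = info.header_offset
    nlen, xlen = struct.unpack_from("<HH", apk, off + 26)
    start = off + LOCAL_HEADER_LEN + nlen + xlen
    raw = apk[start:start + info.compress_size]
    if info.compress_type == zipfile.ZIP_STORED:
        body = raw
    elif info.compress_type == zipfile.ZIP_DEFLATED:
        body = zlib.decompress(raw, -15)  # raw deflate stream, as ZIP stores it
    else:
        raise ValueError("unsupported compression method %d" % info.compress_type)
    if zlib.crc32(body) & 0xFFFFFFFF != info.CRC:
        raise ValueError("CRC mismatch: recovered data does not match central directory")
    return body


if __name__ == "__main__":
    for label, sample in (("clean", build_sample_apk(False)), ("tampered", build_sample_apk(True))):
        print(label, check_local_headers(sample))
        print("  manifest:", recover_manifest(sample))
```

The mismatch report is the detection signal: a real APK written by a normal build tool has identical metadata in both places, so any disagreement on method, sizes or CRC for an entry (especially AndroidManifest.xml) is worth flagging before the sample is fed to a decoder. Recovery via the central directory works here because the compressed bytes themselves were not touched; if a sample also corrupts the data or the name/extra lengths, the CRC check will fail and the offsets will have to be carved by hand.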