Thousands of malicious Android apps use compression to make security analysis more difficult

Researchers at Zimperium have dispelled another cloud of uncertainty regarding malware.

Attackers are increasingly using clever methods to hide the real purpose of malware for Android. A new report by experts from Zimperium, a company specializing in mobile device protection, warns about this alarming trend.

Analysts examined more than three thousand APK files from unofficial sources. It turned out that many of them use unsupported or unknown data compression algorithms. This allows malware to successfully resist static analysis and makes it difficult for cybersecurity specialists to learn how it works.

Researchers identified 71 actively distributed malware programs. Each one works without any problems on Android 9 and more recent versions. Hiding the malicious component of the applications became possible through the use of unsupported compression methods, which previously simply caused the program to crash but now mask its malicious activity.

In addition, some malware samples use file names that are longer than 256 bytes. This causes code analysis tools to malfunction. Another common technique identified by the experts is masking and changing the contents of the AndroidManifest.xml file, which is responsible for the app settings.

According to Zimperium experts, all these methods are aimed solely at concealing the true goals of malware. Although the specific attack options are still unknown, it is obvious that the developers of such applications are far from well-intentioned.

At the moment, none of the identified apps are available in the official Google Play store. However, they are actively distributed through unofficial resources. In their report, the researchers also published hashes of these files so that users can check their devices and remove dangerous programs, if any.

To protect yourself from the latest threats for Android, experts recommend:
  • If possible, opt out of installing apps from unverified sources and give preference only to the official Google Play store.
  • Carefully review the permissions requested by the app before installing it. Reject requests that are not related to the main functions.
  • Do not root your devices to prevent apps from being granted elevated privileges.
  • Be sure to check any installed applications with an antivirus program before launching.

Only constant vigilance and caution will help protect your Android smartphone and its data from more and more malicious tricks.
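A triage check for the two archive-level tricks described above, as an added example that is not part of the original post or of Zimperium's report: it reads the ZIP central directory of an APK directly, without decompressing anything, and flags entries whose compression method is neither STORED (0) nor DEFLATE (8) or whose file name exceeds 256 bytes. The function names, the sample entries and the method value 0x1234 are constructed for illustration; ZIP64 archives are not handled.

```python
import struct

EOCD_SIG = b"PK\x05\x06"      # end-of-central-directory record
CDH_SIG = b"PK\x01\x02"       # central directory file header
SUPPORTED_METHODS = {0, 8}    # STORED and DEFLATE, the methods APK tooling expects
MAX_NAME_LEN = 256            # byte threshold mentioned in the report summary

def scan_apk(data: bytes):
    """Return (filename, reason) findings from the ZIP central directory."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(data):
        raise ValueError("no end-of-central-directory record")
    # total entry count, central directory size, central directory offset
    count, _size, pos = struct.unpack_from("<HII", data, eocd + 10)
    findings = []
    for _ in range(count):
        if data[pos:pos + 4] != CDH_SIG or pos + 46 > len(data):
            findings.append(("<central directory>", "truncated or corrupt header"))
            break
        method, = struct.unpack_from("<H", data, pos + 10)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        if method not in SUPPORTED_METHODS:
            findings.append((name, f"compression method {method}"))
        if name_len > MAX_NAME_LEN:
            findings.append((name, f"filename is {name_len} bytes"))
        pos += 46 + name_len + extra_len + comment_len
    return findings

def constructed_sample() -> bytes:
    """Constructed input: central directory plus EOCD only, no real file data."""
    entries = [("classes.dex", 8), ("AndroidManifest.xml", 0x1234), ("a" * 300, 0)]
    cd = b""
    for name, method in entries:
        raw = name.encode()
        cd += struct.pack("<4sHHHHHHIIIHHHHHII", CDH_SIG, 20, 20, 0, method,
                          0, 0, 0, 0, 0, len(raw), 0, 0, 0, 0, 0, 0) + raw
    n = len(entries)
    return cd + struct.pack("<4sHHHHIIH", EOCD_SIG, 0, 0, n, n, len(cd), 0, 0)

if __name__ == "__main__":
    for name, reason in scan_apk(constructed_sample()):
        print(f"{name[:40]!r}: {reason}")
```

To check a real file, pass `open(path, "rb").read()` to `scan_apk`; a finding is a reason to look closer, not proof that the app is malicious.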
 