New Android malware hides from security programs

Security researchers have discovered Android malware that was undetectable even with highly specialized detection software. The trick hackers use to do this is simple – but effective.

Google uses advanced security measures to prevent malware on Android smartphones. However, due to the sheer size of the platform, it is quite common for infected apps to find their way onto users’ end devices. For that reason, there are security researchers who spend their time uncovering new malware threats for smartphones. Researchers have tools at their disposal that go far beyond the functionality of antivirus software. However, hackers are increasingly able to hide their attacks from them.


Android malware hidden from security analysis

A recent report by security company Zimperium uncovers a method that protects malware-infected apps from detection. To do this, hackers resort to modified compression algorithms that they use for the installation packages of the infected apps.

The Android operating system uses so-called APKs – Android Package Kits – to install apps. These are unpacked on the smartphone so that the code they contain can be executed. Hackers use compression algorithms to “pack” the apps in a way that makes it impossible to read them with security software.

The trick is that the malware-infected apps can sometimes be installed and used on the smartphone without any problems, while they only cause error messages for security researchers. According to the Zimperium report, out of 3300 APKs using this method, 71 can be installed and used as apps on smartphones running Android 9 or later. Older versions of Android don’t support unpacking apps that use alternative compression methods and are therefore, curiously, better protected.
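The check below is an added example, not code from Zimperium's report or tooling. It reads the ZIP central directory of an APK directly and lists entries whose compression method is neither stored (0) nor deflate (8), the two methods normally found in APKs, rather than aborting the way a stock ZIP library does. The sample archive, its file contents and the method value 0x1234 are constructed for the demonstration.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # end-of-central-directory record
CDH_SIG = b"PK\x01\x02"    # central directory file header
EXPECTED = {0, 8}          # stored, deflate

def unusual_entries(apk_bytes):
    """Return [(name, method)] for entries with an unexpected compression method."""
    eocd = apk_bytes.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    count, _size, pos = struct.unpack_from("<HII", apk_bytes, eocd + 10)
    flagged = []
    for _ in range(count):
        if apk_bytes[pos:pos + 4] != CDH_SIG:
            raise ValueError("corrupt central directory")
        (method,) = struct.unpack_from("<H", apk_bytes, pos + 10)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", apk_bytes, pos + 28)
        name = apk_bytes[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        if method not in EXPECTED:
            flagged.append((name, method))
        pos += 46 + name_len + extra_len + comment_len
    return flagged

def stock_parser_error(apk_bytes, name):
    """Return the error a standard ZIP library raises for the entry, or None."""
    try:
        zipfile.ZipFile(io.BytesIO(apk_bytes)).read(name)
        return None
    except (NotImplementedError, zipfile.BadZipFile) as exc:
        return str(exc)

def make_sample(method):
    """Constructed test archive: first entry's method field is set to `method`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        z.writestr("AndroidManifest.xml", b"constructed placeholder")
        z.writestr("classes.dex", b"constructed placeholder")
    data = bytearray(buf.getvalue())
    struct.pack_into("<H", data, data.find(CDH_SIG) + 10, method)
    return bytes(data)

if __name__ == "__main__":
    sample = make_sample(0x1234)  # constructed, arbitrary unsupported value
    print("stock library:", stock_parser_error(sample, "AndroidManifest.xml"))
    for name, method in unusual_entries(sample):
        print(f"flag: {name} uses compression method {method:#06x}")
```

A non-empty result is a triage signal for manual review of the package, not proof that it is malicious.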


Compression method complicates the work of security researchers

This does not mean that this malware cannot be identified at all. However, the method delays the detection of new malware campaigns because they remain hidden longer. The more time researchers have to spend trying to figure out which apps contain malware, the less time they have to understand it before millions of users are affected.

According to the Zimperium report, none of the affected apps can be found in the Google Play Store. So far, distribution has only taken place via third-party stores and APK websites. The full list of affected apps can be found here.

For now, the only way to protect yourself from this method is to only install apps from trusted sources. After installing and before using the app, scanning with an antivirus program can also help to detect malware in good time.
