
A new study suggests threat actors are using unconventional compression algorithms to distribute malware-infected Android APKs and evade detection by antivirus programs.
According to a report by BleepingComputer, mobile security firm Zimperium found that malicious APKs are being packaged with unsupported or modified compression methods. Because security researchers' tools and antivirus software are currently unable to unpack and analyze such APKs, threat actors can inject malware into them and easily bypass security checks.
Zimperium started digging into the issue after Joe Security, a Switzerland-based firm that analyzes malware on Windows, Linux, macOS and Android, posted on X showing how some APKs evaded expert analysis by using unusual compression techniques.
A recently published study by zLab claims more than 3,000 Android apps are currently using these unconventional anti-analysis methods. Even though many of these apps crash for this very reason, the researchers found that more than 71 APKs run without any issues on Android Pie (Android 9) and newer versions.
None of these apps were listed on the Play Store, so Zimperium suggests they were distributed through third-party app stores or sideloaded. For the uninitiated, sideloading refers to installing apps from unofficial sources, such as APKs sent over WhatsApp or Telegram, or from Google Play Store alternatives like F-Droid and Aptoide.
If you want to protect your Android device against such threats, the best approach is to avoid sideloading apps unless necessary and stick to apps found on the Google Play Store. If you do have to sideload an app, scan it with a reputable antivirus tool before installing it. Users should also keep track of the permissions the app requests during and after installation.
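An APK is a ZIP archive, and the compression method of each entry is a 16-bit field in the ZIP headers; the evasion described above relies on values there that analysis tools do not support. As an added defender-side check (example code written for this article, not Zimperium's or Joe Security's tooling), the script below walks an APK's central directory by hand, so an unknown method cannot abort the scan, and flags entries whose method is anything other than stored or deflate or whose central and local headers disagree. The sample archive it builds is constructed in memory for demonstration; the 0x0050 method value is an arbitrary undefined number chosen for the test.

```python
import io
import struct
import zipfile

# Compression methods an APK is expected to use (ZIP APPNOTE values).
KNOWN_METHODS = {0: "stored", 8: "deflate"}

def scan_apk_methods(apk_bytes):
    """Return (name, central_method, local_method) for every entry,
    parsing the ZIP headers directly instead of decompressing anything."""
    eocd = apk_bytes.rfind(b"PK\x05\x06")  # End Of Central Directory record
    if eocd < 0:
        raise ValueError("no EOCD record: not a ZIP/APK")
    total, _cd_size, cd_off = struct.unpack_from("<HII", apk_bytes, eocd + 10)
    results, pos = [], cd_off
    for _ in range(total):
        if apk_bytes[pos:pos + 4] != b"PK\x01\x02":
            raise ValueError("central directory corrupted at offset %d" % pos)
        method, = struct.unpack_from("<H", apk_bytes, pos + 10)
        n_len, x_len, c_len = struct.unpack_from("<HHH", apk_bytes, pos + 28)
        local_off, = struct.unpack_from("<I", apk_bytes, pos + 42)
        name = apk_bytes[pos + 46:pos + 46 + n_len].decode("utf-8", "replace")
        # The local file header carries its own method field; parsers that
        # trust different headers can disagree, so read both and compare.
        local_method, = struct.unpack_from("<H", apk_bytes, local_off + 8)
        results.append((name, method, local_method))
        pos += 46 + n_len + x_len + c_len
    return results

def suspicious_entries(apk_bytes):
    """Names of entries using a non-standard method or mismatched headers."""
    return [name for name, m, lm in scan_apk_methods(apk_bytes)
            if m not in KNOWN_METHODS or lm not in KNOWN_METHODS or m != lm]

def build_sample(tamper):
    """Constructed two-entry APK-like ZIP. With tamper=True the method field
    of classes.dex is rewritten in both headers to 0x0050, an undefined value."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\0" + b"\0" * 64)
    data = bytearray(buf.getvalue())
    if tamper:
        local_hdr = data.find(b"classes.dex") - 30   # local header precedes name
        cd_hdr = data.rfind(b"classes.dex") - 46     # central header precedes name
        struct.pack_into("<H", data, local_hdr + 8, 0x50)
        struct.pack_into("<H", data, cd_hdr + 10, 0x50)
    return bytes(data)

if __name__ == "__main__":
    print(suspicious_entries(build_sample(False)))  # []
    print(suspicious_entries(build_sample(True)))   # ['classes.dex']
```

To check a real file, pass `open("app.apk", "rb").read()` to `suspicious_entries`; a non-empty list is a reason to treat the APK with suspicion before installing it.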