How malicious Android apps bypass security: Researchers have discovered that a bug in the Google Android platform allows malware to be disguised in mobile apps, avoiding detection by security tools. Malware abusing the bug ships with corrupted app components, so the malicious code is ignored as invalid while the app as a whole is accepted as valid by Android OS and installed successfully. Google has updated its malware detection mechanisms in response to this research. #Android #malware #security
Malware obfuscation method: ThreatFabric, a security firm based in Amsterdam, has identified a malware obfuscation method used by mobile malware purveyors. They have found that the method involves corrupting app components to trick popular mobile security scanning tools into ignoring the malicious code. This allows the malware to go undetected while the entire app is installed and considered valid. #malware #security #Android
Increase in malware obfuscation: ThreatFabric has observed an increase in the use of the malware obfuscation method by mobile malware families. They attribute this increase to a semi-automated malware-as-a-service offering in the cybercrime underground. This service obfuscates or "crypts" malicious mobile apps for a fee, allowing malware to evade security scanning tools. #malware #obfuscation #cybercrime
Tell-tale signs of malware: App analyzers can look for specific signs to identify if an app is abusing the obfuscation method. One sign is that modified apps have Android Manifest files with newer timestamps compared to other files in the package. Additionally, the Manifest file itself will be changed to have a different number of "strings" than what is actually present in the app. These signs can indicate that an app is disguising itself as benign. #malware #Android #threatindicators
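A triage check for the two signs above, written as an added example (not code from ThreatFabric, Google, or the linked article). It assumes the standard binary-XML layout, where a string pool chunk follows an 8-byte file header, and treats "strings actually present" as the number of offset slots that fit before the string data, which is a heuristic; the sample APK is constructed in memory.

```python
import io
import struct
import zipfile

MANIFEST = "AndroidManifest.xml"

def manifest_is_newest(apk):
    """True if the manifest's ZIP timestamp is later than every other entry's."""
    stamps = {i.filename: i.date_time for i in apk.infolist()}
    others = [t for name, t in stamps.items() if name != MANIFEST]
    return bool(others) and stamps[MANIFEST] > max(others)

def string_count_mismatch(axml):
    """Return (declared, slots) when the pool header disagrees with its offset table."""
    # Pool header fields: type, headerSize, size, stringCount, styleCount,
    # flags, stringsStart, stylesStart (28 bytes, little-endian).
    ctype, hsize, _, declared, styles, _, start, _ = struct.unpack_from("<HHIIIIII", axml, 8)
    if ctype != 0x0001:
        raise ValueError("string pool chunk not found at offset 8")
    slots = (start - hsize) // 4 - styles  # offset entries that really fit
    return None if declared == slots else (declared, slots)

def scan(apk):
    """Collect human-readable findings for one opened APK."""
    findings = []
    if manifest_is_newest(apk):
        findings.append("manifest newer than all other entries")
    mismatch = string_count_mismatch(apk.read(MANIFEST))
    if mismatch:
        findings.append("string count declared=%d, offset slots=%d" % mismatch)
    return findings

def sample_axml(declared, real):
    """Constructed minimal manifest: `real` empty strings, header claims `declared`."""
    start = 28 + 4 * real
    data = b"\x00\x00\x00\x00" * real  # empty UTF-16 string: length 0 + terminator
    pool = struct.pack("<HHIIIIII", 1, 28, start + len(data), declared, 0, 0, start, 0)
    pool += b"".join(struct.pack("<I", 4 * i) for i in range(real)) + data
    return struct.pack("<HHI", 3, 8, 8 + len(pool)) + pool

def sample_apk(declared, real, manifest_time):
    """Constructed in-memory APK with fixed timestamps on the non-manifest entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in ("classes.dex", "resources.arsc"):
            z.writestr(zipfile.ZipInfo(name, (2023, 1, 1, 0, 0, 0)), b"x")
        z.writestr(zipfile.ZipInfo(MANIFEST, manifest_time), sample_axml(declared, real))
    return zipfile.ZipFile(buf)

if __name__ == "__main__":
    print(scan(sample_apk(9, 3, (2023, 6, 1, 12, 0, 0))))
```

Either finding alone is only a reason to look closer, since repackaging tools can also touch the manifest timestamp.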
Google's response: Google acknowledges the issue and has updated its malware detection mechanisms to address apps abusing the obfuscation method. However, some developer tools, such as APK Analyzer, still fail to parse these malicious applications correctly. Google is investigating possible fixes for the developer tools and plans to update its documentation accordingly. #Google #malwaredetection #developer
Google Play Store's malware problem: Google has faced criticism for not proactively monitoring its Play Store for malicious apps or providing adequate notifications to users when malware is discovered on its platform. The Play Store has been a significant source of malware for years, and users often do not receive notices or advice on remediation. This lack of action has led to concerns about negligence and privacy. #GooglePlayStore #malware #privacy
https://krebsonsecurity.com/2023/08/how-malicious-android-apps-slip-into-disguise/