A recent study has shed light on the tactics employed by malicious actors who are utilizing unsupported or heavily modified compression methods to embed malware within regular Android APK files. This innovative approach allows them to elude detection by security software.
Mobile security firm Zimperium conducted an investigation into this issue, finding that attackers are embedding malicious files into APKs using compression methods that are unsupported or have been altered. Because an APK is a ZIP archive, these manipulated files are hard for analysts and antivirus engines to unpack and decompile with standard tooling. Consequently, threat actors can implant malware and sidestep security checks with little effort.
The inquiry was sparked by observations made by ‘Joe Security,’ a Switzerland-based security company. Joe Security highlighted instances where APKs managed to evade expert analysis by utilizing unusual compression techniques. Zimperium’s comprehensive study disclosed that over 3,000 Android applications currently employ these atypical anti-analysis approaches.
Despite some of these applications crashing due to their unconventional coding, researchers discovered that more than 71 APKs function flawlessly on Android Pie (version 9) and newer iterations. Notably, none of these apps were available on the official Play Store, hinting at distribution through third-party app stores or sideloading.
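As an added example, not from Zimperium's or Joe Security's research and not code from this article, here is a Python checker that walks an APK's ZIP structures directly and flags entries whose compression-method field is neither STORED (0) nor DEFLATE (8), the two methods a normal APK uses. It also reports when the local file header and the central directory disagree about the method; that cross-check is my own addition, not something the article attributes to the samples. It then shows that a conventional ZIP reader gives up on such an entry, which is the analysis gap the article describes. The two-entry sample archive and the method value 0x1234 are constructed for the demonstration and are not a real app or a value taken from the reported samples.

```python
import io
import struct
import zipfile

# Compression methods a normal APK is expected to use: 0 = STORED, 8 = DEFLATE.
EXPECTED_METHODS = {0, 8}

_EOCD_SIG = b"PK\x05\x06"
_CDIR_SIG = b"PK\x01\x02"
_LOCAL_SIG = b"PK\x03\x04"


def _central_directory(data):
    """Yield (cd_entry_offset, name, cd_method, local_header_offset) per entry.
    The ZIP structures are parsed by hand so that entries a standard library
    would refuse to decompress are still enumerated."""
    eocd = data.rfind(_EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    eocd_fields = struct.unpack("<4s4H2LH", data[eocd:eocd + 22])
    entries, cd_offset = eocd_fields[4], eocd_fields[6]
    pos = cd_offset
    for _ in range(entries):
        f = struct.unpack("<4s4B4HL2L5H2L", data[pos:pos + 46])
        if f[0] != _CDIR_SIG:
            raise ValueError("bad central directory signature at offset %d" % pos)
        method, name_len, extra_len, comment_len, hdr_off = f[6], f[12], f[13], f[14], f[18]
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        yield pos, name, method, hdr_off
        pos += 46 + name_len + extra_len + comment_len


def scan_apk_methods(data):
    """Return one dict per entry with the method recorded in the central directory,
    the method in the local file header, and a 'suspicious' flag that is set when
    either value is outside EXPECTED_METHODS or the two records disagree."""
    report = []
    for _, name, cd_method, hdr_off in _central_directory(data):
        local = struct.unpack("<4s2B4HL2L2H", data[hdr_off:hdr_off + 30])
        if local[0] != _LOCAL_SIG:
            raise ValueError("bad local header signature for %s" % name)
        local_method = local[4]
        suspicious = (cd_method not in EXPECTED_METHODS
                      or local_method not in EXPECTED_METHODS
                      or cd_method != local_method)
        report.append({"name": name, "cd_method": cd_method,
                       "local_method": local_method, "suspicious": suspicious})
    return report


def suspicious_entries(data):
    """Names of entries a triage pipeline should pull aside for manual review."""
    return [r["name"] for r in scan_apk_methods(data) if r["suspicious"]]


def standard_parser_can_read(data, name):
    """Whether a conventional ZIP reader (Python's zipfile) can extract the entry.
    An unknown method makes it raise NotImplementedError instead of unpacking."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            zf.read(name)
        return True
    except (NotImplementedError, zipfile.BadZipFile):
        return False


def build_sample_apk():
    """Constructed two-entry archive standing in for an APK; not a real app."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>", compress_type=zipfile.ZIP_DEFLATED)
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 64, compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()


def set_method(data, name, method):
    """Rewrite the compression-method field of `name` in both the local header
    (byte offset 8) and the central directory entry (byte offset 10). Used here
    only to construct a test sample; the entry's payload bytes are untouched."""
    data = bytearray(data)
    for cd_pos, entry, _, hdr_off in list(_central_directory(bytes(data))):
        if entry == name:
            struct.pack_into("<H", data, cd_pos + 10, method)
            struct.pack_into("<H", data, hdr_off + 8, method)
    return bytes(data)


if __name__ == "__main__":
    clean = build_sample_apk()
    tampered = set_method(clean, "classes.dex", 0x1234)  # constructed out-of-spec value
    print("clean  ->", suspicious_entries(clean), standard_parser_can_read(clean, "classes.dex"))
    print("tampered ->", suspicious_entries(tampered), standard_parser_can_read(tampered, "classes.dex"))
```

Running the script reports no suspicious entries for the clean archive and flags `classes.dex` in the tampered copy, which the standard reader can no longer extract. The check reads only header fields, so it runs in constant time per entry and can be applied to every APK before it reaches a decompiler or a sandbox that might otherwise silently skip the entry.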
For those unfamiliar with the concept, sideloading refers to installing apps from unofficial sources like APK files shared via messaging platforms such as WhatsApp and Telegram, or alternative stores like F-Droid and Aptoide, rather than the official Google Play Store.
To safeguard your Android device against such threats, experts recommend refraining from sideloading apps whenever possible and sticking to applications sourced from the Google Play Store. In cases where sideloading is necessary, it’s crucial to scan the APK using reputable antivirus tools prior to installation. Users are also advised to monitor the permissions requested by apps during and after installation to ensure their safety and privacy.