Thousands of Android malware apps use stealthy APKs to bypass security, study finds
A new type of Android malware hides itself from antivirus software with unusual anti-analysis method
Hackers are always cooking up new ways to get their malicious apps onto your smartphone. The latest tool in their arsenal is a new type of Android malware that can conceal itself from the best antivirus apps by using a novel anti-analysis method for Android Package, or APK, files.
That's according to recent findings from Zimperium, a mobile security firm dedicated to identifying and eliminating malware from the Google Play store. APKs are package files used to install and distribute apps across Google's mobile ecosystem. These malicious files resist decompilation (i.e., the process antivirus software uses to inspect and flag suspicious code) by using unsupported or heavily manipulated compression algorithms.
Since this tactic is unknown to antivirus programs and cybersecurity researchers are only just discovering it, it enables malware to pose as a regular app and completely bypass security measures. A Zimperium report published this week found 3,300 APKs using this suspicious compression method in the wild. And 71 of the identified samples work fine on Android OS version 9 and later.
BleepingComputer reports Zimperium began looking into the issue after Joe Security, a Switzerland-based security firm that specializes in deep malware analysis for Windows, macOS, Linux, and Android, released a report showcasing an APK that could bypass malware analysis yet run seamlessly on Android.
What is the best way to bypass #Malware analysis on #Android? Checkout the local and central Zipfile header of APK 2f371969faf2dc239206e81d00c579ff and tell us what you see. We tested various tools and they all failed. https://t.co/WZoAggsnMy pic.twitter.com/cItKYyN2eq
June 28, 2023
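A defender-side check for the header trick described above, added here as an example (it is not Zimperium's or Joe Security's tooling): it walks an APK's ZIP central directory, reads each entry's local file header, and flags any compression method outside the two every Android-compatible unzipper supports (stored, deflate) as well as any disagreement between the two headers. The APK-like ZIP it scans is constructed inside the script, and the tampered method id 0x2AB is an arbitrary placeholder.

```python
import io
import struct
import zipfile

STANDARD_METHODS = {0: "stored", 8: "deflate"}
EOCD_SIG, CD_SIG, LFH_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"


def _central_directory(data: bytes):
    """Yield (name, central_method, local_header_offset) for each entry."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    cd_size, cd_offset = struct.unpack_from("<II", data, eocd + 12)
    pos = cd_offset
    while pos < cd_offset + cd_size:
        if data[pos:pos + 4] != CD_SIG:
            raise ValueError("corrupt central directory")
        method, = struct.unpack_from("<H", data, pos + 10)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        lfh_offset, = struct.unpack_from("<I", data, pos + 42)
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        yield name, method, lfh_offset
        pos += 46 + name_len + extra_len + comment_len


def scan_apk(data: bytes):
    """Return (entry, finding) pairs for non-standard or inconsistent headers."""
    findings = []
    for name, cd_method, lfh_offset in _central_directory(data):
        if data[lfh_offset:lfh_offset + 4] != LFH_SIG:
            findings.append((name, "local header signature missing"))
            continue
        lfh_method, = struct.unpack_from("<H", data, lfh_offset + 8)
        if lfh_method != cd_method:
            findings.append((name, f"method mismatch: local={lfh_method} central={cd_method}"))
        for where, m in (("local", lfh_method), ("central", cd_method)):
            if m not in STANDARD_METHODS:
                findings.append((name, f"non-standard {where} method {m}"))
    return findings


def build_sample(tamper: bool) -> bytes:
    """Constructed test input: a tiny APK-like ZIP, optionally with the first
    local header's method field rewritten to an unassigned value."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", b"dex\n035" + b"\x00" * 64)
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
    data = bytearray(buf.getvalue())
    if tamper:  # first local header sits at offset 0; method field is at +8
        struct.pack_into("<H", data, 8, 0x2AB)  # placeholder, not a real method
    return bytes(data)
```

Running `scan_apk` over real APKs from a quarantine folder gives a quick triage signal; an entry whose headers disagree, or whose method is neither stored nor deflate, deserves a closer look before any decompiler is trusted on it.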
Zimperium notes it didn't find evidence that the apps affiliated with the 3,300 APKs flagged in its analysis were listed on the Google Play Store at any point in time. That suggests the apps were distributed through alternative means, such as third-party app stores or sideloading.
The best Android phones have always offered the ability to sideload apps by downloading and installing an APK file, though you'll first need to enable the ability to install apps from unknown sources in your phone's settings. And while sideloading has its legitimate use cases, it's also frequently exploited by bad actors to sneak malware into otherwise legitimate-looking apps.
The good news is if you don't sideload apps on your Android phone, you're unlikely to be at risk of having this type of malware. It's still a concerning development, especially considering that, just a few weeks ago, Google revealed hackers are still able to use a technique known as "versioning" to slip malware onto Android devices while evading the Play Store's security processes. With this method, bad actors introduce malicious code through updates to already installed apps or by loading the payload from servers under their control.
How to stay safe from malicious Android apps
Thankfully there are several precautions you can take to keep your phone safe from malicious Android apps. The first and most important tip is to avoid sideloading apps unless it's absolutely necessary. There are rare cases where you may have to sideload an app for work or to get a specific product to function, but beyond that, you shouldn't be installing any app from an unknown source.
The rule of thumb is you should only download apps from the Play Store or other official app stores like the Samsung Galaxy Store or Amazon Appstore. Malicious software does manage to slip through the cracks from time to time, which is why it pays to do your research before installing any new app by reading reviews and looking up the app's developers. But it's the safest bet there is.
Alyse Stanley is a news editor at Tom’s Guide overseeing weekend coverage and writing about the latest in tech, gaming and entertainment. Prior to joining Tom’s Guide, Alyse worked as an editor for the Washington Post’s sunsetted video game section, Launcher. She previously led Gizmodo’s weekend news desk, where she covered breaking tech news — everything from the latest spec rumors and gadget launches to social media policy and cybersecurity threats. She has also written game reviews and features as a freelance reporter for outlets like Polygon, Unwinnable, and Rock, Paper, Shotgun. She’s a big fan of horror movies, cartoons, and miniature painting.