Thousands of Android malware apps use stealthy APKs to bypass security, study finds


Hackers are always cooking up new ways to get their malicious apps onto your smartphone. The latest tool in their arsenal is a new type of Android malware that can conceal itself from the best antivirus apps by using a novel anti-analysis method for Android Package, or APK, files.  

That's according to recent findings from Zimperium, a mobile security firm dedicated to identifying and eliminating malware from the Google Play Store. APKs are package files used to install and distribute apps across Google's mobile ecosystem. These malicious files resist decompilation (the process antivirus software uses to flag suspicious code) by using unsupported or heavily manipulated compression algorithms.

Since this tactic is unknown to antivirus programs and cybersecurity researchers are only just discovering it, it enables malware to pose as a regular app and completely bypass security measures. A Zimperium report published this week found 3,300 APKs using this suspicious compression method in the wild. And 71 of the identified samples work fine on Android OS version 9 and later.
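An added example, not taken from Zimperium's report or the original article: a Python check that reads an APK's ZIP headers directly and flags entries whose compression method is not STORED (0) or DEFLATE (8), or whose local header disagrees with the central directory. The function names, the sample archive and the method value 0x4D3A are constructed for illustration, and treating only methods 0 and 8 as expected is this example's assumption.

```python
import io
import struct
import zipfile

EOCD_SIG, CDIR_SIG, LOCAL_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"
EXPECTED = {0, 8}  # STORED and DEFLATE; anything else is flagged (example's assumption)


def scan_apk(data: bytes) -> list:
    """Flag entries with an unexpected compression method, or whose local
    header disagrees with the central directory."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("not a ZIP/APK: end-of-central-directory record missing")
    count, _size, pos = struct.unpack_from("<HII", data, eocd + 10)
    findings = []
    for _ in range(count):
        if data[pos:pos + 4] != CDIR_SIG:
            raise ValueError(f"corrupt central directory at offset {pos}")
        method = struct.unpack_from("<H", data, pos + 10)[0]
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        local_off = struct.unpack_from("<I", data, pos + 42)[0]
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        reasons = []
        if method not in EXPECTED:
            reasons.append(f"central directory method {method:#06x}")
        if data[local_off:local_off + 4] != LOCAL_SIG:
            reasons.append("local file header missing")
        else:
            local_method = struct.unpack_from("<H", data, local_off + 8)[0]
            if local_method != method:
                reasons.append(f"local header method {local_method:#06x} differs")
        if reasons:
            findings.append((name, reasons))
        pos += 46 + name_len + extra_len + comment_len
    return findings


def build_sample(bad_method: int = 0x4D3A) -> bytes:
    """Constructed sample: a tiny archive whose first entry's central
    directory record is re-tagged with a made-up method value."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>", zipfile.ZIP_STORED)
        z.writestr("classes.dex", b"dex\n035\x00" * 8, zipfile.ZIP_DEFLATED)
    raw = bytearray(buf.getvalue())
    struct.pack_into("<H", raw, raw.find(CDIR_SIG) + 10, bad_method)
    return bytes(raw)
```

The headers are parsed by hand because Python's `zipfile` module refuses to open entries with a compression method it does not implement, which is the same failure mode that stops analysis tools on these files.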

BleepingComputer reports Zimperium began looking into the issue after Joe Security, a Switzerland-based security firm that specializes in deep malware analysis for Windows, macOS, Linux, and Android, released a report showcasing an APK that could bypass malware analysis yet run seamlessly on Android.

Zimperium notes it didn't find evidence that the apps affiliated with the 3,300 APKs flagged in its analysis were listed on the Google Play Store at any point in time. That suggests the apps were distributed through alternative means, such as third-party app stores or sideloading.

The best Android phones have always offered the ability to sideload apps by downloading and installing an APK file, though you'll first need to enable the ability to install apps from unknown sources in your phone’s settings. And while sideloading has its legitimate use cases, it's also frequently exploited by bad actors to sneak malware into otherwise legitimate-looking apps.

The good news is if you don't sideload apps on your Android phone, you're unlikely to be at risk of having this type of malware. It's still a concerning development, especially considering that, just a few weeks ago, Google revealed hackers are still able to use a technique known as "versioning" to slip malware onto Android devices while evading the Play Store's security processes. With this method, bad actors introduce malicious code through updates to already installed apps or by loading the payload from servers under their control. 

How to stay safe from malicious Android apps

Thankfully there are several precautions you can take to keep your phone safe from malicious Android apps. The first and most important tip is to avoid sideloading apps unless it's absolutely necessary. There are rare cases where you may have to sideload an app for work or to get a specific product to function, but beyond that, you shouldn't be installing any app from an unknown source. 

The rule of thumb is you should only download apps from the Play Store or other official app stores like the Samsung Galaxy Store or Amazon Appstore. Malicious software does manage to slip through the cracks from time to time, which is why it pays to do your research before installing any new app by reading reviews and looking up the app's developers. But it's the safest bet there is. 

Alyse Stanley
News Editor

Alyse Stanley is a news editor at Tom’s Guide, overseeing weekend coverage and writing about the latest in tech, gaming, and entertainment. Before Tom’s Guide, Alyse worked as an editor for the Washington Post’s sunsetted video game section, Launcher. She previously led Gizmodo’s weekend news desk and has written game reviews and features for outlets like Polygon, Unwinnable, and Rock, Paper, Shotgun. She’s a big fan of horror movies, cartoons, and roller skating.
