Hackers Use New Compression to Hide Malware in APKs

Tuesday, 06/08/2024 10:42 AM

Hackers are constantly seeking new methods to infiltrate devices and gain unauthorized access. According to a report from security firm Zimperium, a member of the App Defense Alliance, hackers have discovered a novel compression technique to hide malware in APK files, making it undetectable by conventional security measures.

Joe Security first reported this new technique, revealing that an APK could evade analysis while still executing seamlessly on Android devices. Unlike traditional malware, which triggers recognizable alerts, this new approach keeps hackers under the radar of antivirus programs and cybersecurity experts. One tactic involves using filenames longer than 256 characters, which can cause crashes in analysis tools. Hackers also manipulate the AndroidManifest.xml files and use malformed String Pools to disrupt tools that process Android XML files.

The report uncovered that approximately 3,300 APKs are currently using these anti-analysis techniques. While most of these APKs are too corrupted for Android to load, a subset of 71 malicious APKs has been shown to operate smoothly on Android OS versions 9 (API 28) and later.
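As an added defender-side illustration (not code from the article, Zimperium or Joe Security), the Python triage script below reads an APK's ZIP central directory and reports the structural tricks the article names: entry names longer than 256 characters and entries using a compression method other than stored or deflate, test-opening each entry so an unsupported or malformed one is reported rather than crashing the tool. The `build_sample` helper and the in-memory archive it produces are constructed test data, assumed here.

```python
import io
import zipfile

# Thresholds taken from the article: names over 256 characters, and any
# compression method other than the two normal ZIP/APK choices.
MAX_NAME_LEN = 256
EXPECTED_METHODS = {zipfile.ZIP_STORED, zipfile.ZIP_DEFLATED}


def triage_apk(data: bytes) -> list[str]:
    """Return a list of findings for an APK (a ZIP archive) given as bytes."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        return [f"not a readable ZIP/APK: {exc}"]
    with zf:
        for info in zf.infolist():
            if len(info.filename) > MAX_NAME_LEN:
                findings.append(
                    f"overlong filename ({len(info.filename)} chars): {info.filename[:40]}...")
            if info.compress_type not in EXPECTED_METHODS:
                findings.append(
                    f"unexpected compression method {info.compress_type}: {info.filename[:40]}")
            # Opening the entry surfaces an unsupported method or a corrupt
            # header as a finding instead of an unhandled exception.
            try:
                with zf.open(info) as fh:
                    fh.read(1)
            except (NotImplementedError, zipfile.BadZipFile, RuntimeError) as exc:
                findings.append(
                    f"entry cannot be decompressed ({type(exc).__name__}): {info.filename[:40]}")
        if "AndroidManifest.xml" not in zf.namelist():
            findings.append("AndroidManifest.xml missing from archive")
    return findings


def build_sample(name_len: int) -> bytes:
    """Constructed test data: a minimal ZIP with a manifest placeholder and one
    asset entry whose name has exactly name_len characters (not a real APK)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("assets/" + "a" * (name_len - len("assets/")), b"sample data")
    return buf.getvalue()


if __name__ == "__main__":
    for line in triage_apk(build_sample(300)):
        print(line)
```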

Not on the Play Store

Fortunately, none of the applications using this new compression technique have been found on Google’s Play Store. This means that users who avoid sideloading apps from sources outside the official Play Store are currently safe from this threat.

However, this situation underscores the importance of caution when downloading apps from the internet. When using external app sources is unavoidable, users should perform antivirus scans on their devices and avoid granting unnecessary permissions to apps.

by Editor