Android malware was able to fool antiviruses thanks to non-standard compression algorithms

A study by Zimperium found that a new type of Android malware hides from antivirus software by using an unusual anti-analysis method for Android Package (APK) files, making it virtually invisible to most antiviruses.

Aug 21, 2023 - 13:10

Zimperium, which specializes in cybersecurity, has discovered that malicious files resist decompilation (the process that antiviruses use to detect suspicious code) by using non-standard or heavily modified compression algorithms. Since this method is still unknown to antivirus programs, malware can masquerade as an ordinary app, completely bypassing smartphone protection.

A Zimperium report published this week points to 3,300 APK files using this compression method. Of those, 71 APK files successfully launch and run on Android 9 and older. Zimperium found no evidence that the apps associated with the detected malicious APK files were ever hosted in the Google Play Market.

This indicates that they were distributed in other ways, such as through third-party app stores or manual installation by the user. While this is alarming news for Android smartphone owners, the main risk is to users who install apps from outside official stores.
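A defender can check for the trait described above without decompiling anything, because an APK is a ZIP archive and every entry records its compression method in both the central directory and its local header. The following is an added example, not code from the article or from Zimperium's report. The function names, the sample archive and the method id `0x4E21` are constructed for illustration, and the check assumes stored (0) and deflate (8) are the only methods a normal APK uses.

```python
import io
import struct
import zipfile

STANDARD = {0, 8}  # ZIP method ids that APK tooling expects: 0 = stored, 8 = deflate

def entries(data):
    """Yield (cd_pos, name, cd_method, local_off) for each central-directory entry."""
    eocd = data.rfind(b"PK\x05\x06")  # end-of-central-directory record
    if eocd < 0 or eocd + 22 > len(data):
        raise ValueError("not a ZIP/APK: no end-of-central-directory record")
    count, _size, pos = struct.unpack_from("<HII", data, eocd + 10)
    for _ in range(count):
        if data[pos:pos + 4] != b"PK\x01\x02" or pos + 46 > len(data):
            raise ValueError("corrupt central directory")
        method, = struct.unpack_from("<H", data, pos + 10)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        local_off, = struct.unpack_from("<I", data, pos + 42)
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        yield pos, name, method, local_off
        pos += 46 + name_len + extra_len + comment_len

def scan_apk(data):
    """Return [(name, central method, local method)] for entries that use a
    non-standard method id or whose central and local headers disagree."""
    findings = []
    for _pos, name, cd_method, local_off in entries(data):
        local_method = None  # None: local header missing or damaged
        if data[local_off:local_off + 4] == b"PK\x03\x04" and local_off + 10 <= len(data):
            local_method, = struct.unpack_from("<H", data, local_off + 8)
        if cd_method not in STANDARD or local_method != cd_method:
            findings.append((name, cd_method, local_method))
    return findings

def build_sample(bad_method=None):
    """Constructed two-entry archive; optionally rewrite the classes.dex method id."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>" * 20)
        z.writestr("classes.dex", b"constructed placeholder bytes " * 20)
    data = bytearray(buf.getvalue())
    for pos, name, _method, local_off in entries(bytes(data)):
        if name == "classes.dex" and bad_method is not None:
            struct.pack_into("<H", data, pos + 10, bad_method)
            struct.pack_into("<H", data, local_off + 8, bad_method)
    return bytes(data)

if __name__ == "__main__":
    print(scan_apk(build_sample()))        # unmodified constructed archive
    print(scan_apk(build_sample(0x4E21)))  # constructed non-standard method id
```

A non-empty result is a triage signal that the file needs closer inspection, not proof that it is malicious.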
