FISA

  In a recent study, Zimperium uncovered a concerning trend in  Android malware  that uses a tricky method to hide itself from antivirus programs. This APK can be installed on Android devices with an OS version above Android 9 Pie (API 28), reducing the possibility of being analyzed.  How was this made possible According to researchers, it was  achieved  by using an unsupported decompression method in the APK, which is essentially a zip file. While the technique is not new and was first demonstrated in 2014, security researchers have begun noticing its impact only lately. For instance, Zimperium found over 3,000 APKs in the wild, using this suspicious compression technique.  A rather concerning part is that these APKs were not found on the official Google Play Store, indicating distribution via third-party app stores or sideloading using some social engineering or phishing attack. Another sneaky tactic emerging lately Just a few days back, Google ...

Threat actors are using Android Package (APK) files with unknown or unsupported compression methods to elude malware analysis. That's according to findings from Zimperium, which found 3,300 artifacts leveraging such compression algorithms in the wild. 71 of the identified samples can be loaded on the operating system without any problems. There is no evidence that the apps were available on the Google Play Store at any point in time, indicating that the apps were distributed through other means, typically via untrusted app stores or social engineering to trick the victims into sideloading them. The APK files use "a technique that limits the possibility of decompiling the application for a large number of tools, reducing the possibilities of being analyzed," security researcher Fernando Ortega said. "In order to do that, the APK (which is in essence a ZIP file), is using an unsupported decompression method." The advantage of such an approach is its ability to res...