Malicious apps have been one of the growing concerns for Android phones. And while Google has been taking some serious steps to combat the spread of Android malware apps, hackers are always finding new ways to evade security measures. This time, they are using a stealthy APK compression method.
With APK compression, Android malware apps can conceal themselves from Android’s built-in security measures. And what’s more concerning is they can even hide themselves from the best antivirus apps. But the good news is that it’s easy to protect yourself from these stealthy apps.
More About The New Technique Used By the Android Malware Apps
Zimperium has discovered a new method hackers use to get malware apps to stay undetected on Android phones. And if you don’t know who Zimperium is, it’s a mobile security firm that’s dedicated to identifying and eliminating malware apps from the Google Play Store.
This method alters how the APK is compressed. The APK is the package file used to install and distribute apps through the Android ecosystem. Malicious apps packed this way can resist decompilation, the process security systems and antivirus software use to flag suspicious code.
In technical terms, these new malicious apps utilize heavily manipulated or unsupported compression algorithms. And as the tactic is fairly unknown to security programs, it allows the Android malware apps to act like regular apps. Through that, they can bypass all the security measures.
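As an added illustration (not code from Zimperium, Joe Security, or the original article), the following Python example shows how a defender could flag APK entries whose compression method is not one of the two that standard APK tooling writes, or whose central-directory and local-header method fields disagree. The function names, the bogus method value, and the sample archive are constructed for this example, and ZIP64 archives are assumed not to occur.

```python
import io
import struct
import zipfile

# The two methods standard APK tooling writes: 0 = STORED, 8 = DEFLATED.
SUPPORTED = {0, 8}

def audit_apk(data: bytes) -> list[tuple[str, int, int]]:
    """Return (name, central_method, local_method) for each suspicious entry."""
    eocd = data.rfind(b"PK\x05\x06")  # end-of-central-directory record
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    total, _cd_size, cd_off = struct.unpack_from("<HII", data, eocd + 10)
    findings, pos = [], cd_off
    for _ in range(total):
        if data[pos:pos + 4] != b"PK\x01\x02":
            raise ValueError("corrupt central directory")
        c_method, = struct.unpack_from("<H", data, pos + 10)
        n_len, x_len, c_len = struct.unpack_from("<HHH", data, pos + 28)
        lh_off, = struct.unpack_from("<I", data, pos + 42)
        name = data[pos + 46:pos + 46 + n_len].decode("utf-8", "replace")
        # The local file header carries its own copy of the method field.
        l_method, = struct.unpack_from("<H", data, lh_off + 8)
        if c_method not in SUPPORTED or l_method != c_method:
            findings.append((name, c_method, l_method))
        pos += 46 + n_len + x_len + c_len
    return findings

def build_sample() -> tuple[bytes, bytes]:
    """Constructed fixtures: a clean archive and a copy with one field patched."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>" * 20)
        z.writestr("classes.dex", b"placeholder" * 20)
    clean = buf.getvalue()
    tampered = bytearray(clean)
    cd_off, = struct.unpack_from("<I", clean, clean.rfind(b"PK\x05\x06") + 16)
    # 0x4E21 is a made-up method id, used only to exercise the check.
    struct.pack_into("<H", tampered, cd_off + 10, 0x4E21)
    return clean, bytes(tampered)

if __name__ == "__main__":
    clean, tampered = build_sample()
    print("clean:", audit_apk(clean))
    print("tampered:", audit_apk(tampered))
```

An entry that shows up here is a reason to treat the APK as suspicious and route it to deeper analysis, since ordinary build tools do not produce such headers.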
How Bad Is the Situation Right Now
According to Zimperium, the firm has found 3300 different malicious apps utilizing the APK compression technique. Among them, 71 of the samples work completely fine on Android OS 9 and later. Zimperium started to look into the issue after Joe Security released a report.
That report showcased how an APK can bypass the malware analysis process and run seamlessly on Android devices. For those unaware, Joe Security is a Swiss firm that specializes in deep malware analysis for Linux, Android, and macOS.
According to the recent report from Zimperium, there’s no evidence that these malware apps were present in the Google Play Store at any point in time. In other words, none of the 3300 flagged APKs are in the Google Play Store. That basically means that the apps were distributed through alternative means.
What could the alternative means be? Well, it’s third-party app stores which let you sideload apps. Sideloading apps has been a common practice in the Android world. And while Google adds a layer of security to prevent sideloading, it’s easy to get that security layer turned off. Yes, I’m talking about the “install apps from unknown sources” option.
While sideloading Android apps on phones has legitimate use cases, hackers have always exploited the feature. And I was not surprised to know that the new Android malware apps are actually spreading through the same method.
What Should You Do To Stay Safe From These Malicious Android Apps
You can take several precautions to keep yourself safe from the new Android malware apps. First of all, you should avoid sideloading apps. There are very rare cases where sideloading apps is absolutely necessary.
For those cases, make sure that you’re downloading the app from a reliable source. But for other cases, always rely on official app stores, such as the Google Play Store, Samsung App Store, and Amazon App Store, to get apps on your phone.
Secondly, you should keep good antivirus software installed on your phone. Yes, Android malware apps do slip through the cracks of these antivirus apps from time to time. But even so, most good antivirus software tends to update its scanning mechanisms as soon as new malware techniques are found.