To avoid malware detection, threat actors are employing Android Package (APK) files with unknown or unsupported compression algorithms.
That’s according to findings from Zimperium, which discovered 3,300 artefacts using such compression algorithms in the wild. 71 of the discovered samples can be successfully loaded into the operating system.
There is no evidence that the apps were ever available on the Google Play Store, implying that they were disseminated through alternative channels, most likely through untrustworthy app stores or social engineering to fool users into sideloading them.
The APK files employ “a technique that limits the possibility of decompiling the application for a large number of tools, reducing the possibilities of being analysed,” security researcher Fernando Ortega explained. “In order to do that, the APK (which is in essence a ZIP file), is using an unsupported decompression method.”
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: