In the dynamic realm of mobile application security, cybercriminals employ ever more sophisticated forms of malware, with code obfuscation standing out as a deceptive technique.
This method intentionally distorts code elements, rendering them inscrutable to the untrained eye, impeding analysis and complicating the decompilation process.
Symantec’s recent investigation unravels a Spyware cluster employing ingenious techniques to elude static analysis.
Resource camouflage emerges as a stealthy strategy, where mobile applications strategically place concealed resources within APK files, mirroring the names and permissions of vital resources.
This confounding tactic challenges analysis tools and complicates the extraction process.
Document
@import url(‘https://fonts.googleapis.com/css2?family=Poppins&display=swap’);
@import url(‘https://fonts.googleapis.com/css2?family=Poppins&family=Roboto&display=swap’);
*{
margin: 0; padding: 0;
text-decoration: none;
}
.container{
font-family: roboto, sans-serif;
width: 90%;
border: 1px solid lightgrey;
padding: 20px;
background: linear-gradient(2deg,#E0EAF1 100%,#BBD2E0 100%);
margin: 20px auto ;
border-radius: 40px 10px;
box-shadow: 5px 5px 5px #e2ebff;
}
.container:hover{
box-shadow: 10px 10px 5px #e2ebff;
}
.container .title{
color: #015689;
font-size: 22px;
font-weight: bolder;
}
.container .title{
text-shadow: 1px 1px 1px lightgrey;
}
.container .title:after {
width: 50px;
height: 2px;
content: ‘ ‘;
position: absolute;
background-color: #015689;
margin: 20px 8px;
}
.container h2{
line-height: 40px;
margin: 2px 0;
font-weight: bolder;
}
.container a{
color: #170d51;
}
.container p{
font-size: 18px;
line-height: 30px;
}
.container button{
padding: 15px;
background-color: #4469f5;
border-radius: 10px;
border: none;
background-color: #00456e ;
font-size: 16px;
font-weight: bold;
margin-top: 5px;
}
.container button:hover{
box-shadow: 1px 1px 15px #015689;
transition: all 0.2S linear;
}
.container button a{
color: white;
}
hr{
/* display: none; */
}
Protect Your Storage With SafeGuard
Is Your Storage & Backup Systems Fully Protected? – Watch 40-second Tour of SafeGuard
StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage and backup devices.
Try StorageGuard for Free
Adding Layers of Obfuscation
Another method involves employing unsupported compression methods in APK files, disrupting third-party libraries, and intensifying the complexity of analysis.
This compression trickery adds an extra layer of obfuscation, heightening the challenge for security analysts.
Intriguingly, the Spyware cluster utilizes “no compression” data to evade signature scheme verification, exploiting Android’s flexibility in supporting both compression methods.
By introducing unsupported compression entry codes, these spywares navigate through the Android security infrastructure, avoiding detection through signature schemes.
Resource obfuscation disrupts reverse engineering tools by introducing invalid attributes and illegal resource IDs in AndroidManifest.xml and resources.arsc files.
Tools like Apktool, Jadx, and JEB encounter challenges when faced with obfuscated elements, underscoring the cunning employed by this spyware.
Unmasking App Behaviors: A Multifaceted Deception
The Spyware cluster adopts a multifaceted scheme, disguising itself as popular games, apps, and even system-level applications.
Once installed, these deceptive apps seek accessibility permissions, facilitating the monitoring and reporting of user activities to a designated server.
Automated permission granting
The C&C sections of these spywares introduce noise, including junk code and irrelevant strings, into essential methods.
This obfuscation aims to disrupt static analysis tools, yet careful scrutiny reveals a specific format in the server’s responses, enabling command execution.
Employing anti-killing/uninstalling methods, the spyware safeguards itself by triggering actions like ‘HOME’ or ‘BACK’ when users attempt to terminate or uninstall the app.
This proactive defense thwarts user intervention. The Spyware cluster underscores the dynamic nature of mobile threats, necessitating robust security measures.
Users are urged to install security apps, avoid downloading from unfamiliar sources, keep software updated, scrutinize app permissions, and maintain frequent backups as essential safeguards in this ever-evolving landscape.
Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.
The post New Android Malware Employs Various Tactics to Deceive Malware Analyst can be searched on searchng.ng & dotifi.comCyber Security News.
