Delivering Malicious Android Apps Hidden In Image Files
An anonymous reader writes "Researchers have found a way to deliver a malicious app to Android users by hiding it into what seems to be an encrypted image file, which is then delivered via a legitimate, seemingly innocuous wrapper app. Fortinet malware researcher Axelle Apvrille and reverse engineer Ange Albertini created a custom tool they dubbed AngeCryption, which allows them to encrypt the payload Android application package (APK) and make it look like an image (PNG, JPG) file. They also had to create another APK that carries the "booby-trapped" image file and which can decrypt it to unveil the malicious APK file and install it. A malicious app thusly encrypted is nearly invisible to reverse engineers, and possibly even to AV solutions and Google's Android Bouncer." (Here's the original paper, from researchers Axelle Apvrille and Ange Albertini.)
yeah it's fucking stupid fucking stupid fucking stupid
FUCKING STUPID TO THE EXTREME!
that the included APK is hidden inside the png is totally TOTALLY irrelevant. it could be ANY kind of file that it is in. heck, just "thisisthemaliciousapkinrot8.apk" would do it.
also, does it somehow silently install the malicious apk? on phones where untrusted sources is unchecked? that would be the interesting bit, so I guess no. it would be the main bit of their program, not the irrelevant png wooooo encryption nonsense shit. they could just download the malicious apk too. or open a browser to go to the malicious app's url and hope that the user installs it.
I mean fuck, there's dozens of ways to hide malicious code that even gets run in android without this. do the authors even understand how impossible it is for the automatic scans to check for every custom "malicious" code there is? it just checks for preconfigured signatures on files ffs. their new malicious code would have gotten through just as included class files, never mind as included .so files, never mind as included linux executables (old way to do native parts without ndk).
now, let's get back to talking about host files.
world was created 5 seconds before this post as it is.
I'm as anti-Windows as anybody, but calling it "fragmented" is a bit silly.
At work I have an XP VM, with one interface. At home I have Windows 7, with a somewhat different interface. My laptop came with Windows 8, which has a radically different interface (of course I pulled out the HDD, installed an SSD and put Linux on it). There's also Windows 8.1, which has a somewhat different interface. Oh, and there's 32-bit and 64-bit, and Home and Pro and Basic and Ultimate and...
Windows is at least as fragmented as Android.