Slashdot Mirror
Delivering Malicious Android Apps Hidden In Image Files
An anonymous reader writes "Researchers have found a way to deliver a malicious app to Android users by hiding it into what seems to be an encrypted image file, which is then delivered via a legitimate, seemingly innocuous wrapper app. Fortinet malware researcher Axelle Apvrille and reverse engineer Ange Albertini created a custom tool they dubbed AngeCryption, which allows them to encrypt the payload Android application package (APK) and make it look like an image (PNG, JPG) file . They also had to create another APK that carries the "booby-trapped" image file and which can decrypt it to unveil the malicious APK file and install it. A malicious app thusly encrypted is nearly invisible to reverse engineers, and possibly even to AV solutions and Google's Android Bouncer." (Here's the original paper, from researchers Axelle Apvrille and Ange Albertini.)
This is just a really fancy way of clicking on an apk. So you install Foosball 2020 and click the app launcher icon and then your phone says "sorry, you need to enable installing 3rd party apps, bye!" and you say "damn you android! I want to play foosball with robots!" so you go through system settings and enable 3rd party installations and get a big warning. Then you open the app launcher icon again and instead of a game, you see a whole new installation screen for another app and the permissions it requires ...
I think from a technical standpoint, this is really neat research, but there are much simpler ways to lead the cattle to the salt lick.
It won't work on an Android device unless you first enable the ability to side load apps, click through all the warnings, then re-start the trojan, click through the side load app warning, and finally click through the new app installation screen and permission list.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC