New Technique Allows Attackers to Hide Android Malware In Images


It is a constant cat-and-mouse game, with hackers coming up with new ways to get around security controls and firewalls in order to plant malware. Both Google and Apple have been proactive in building robust security systems and features into their smartphones, and they have contained this menace to a great extent.

Latest Security Breach Technique Is Cause For Concern

However, the latest technique adopted by hackers is worrying. It lets them hide encrypted applications inside images so as to escape detection by antivirus software and by Google's own malware scanner.

The technique, developed by Axelle Apvrille and Ange Albertini, was presented recently at a Black Hat security conference in Amsterdam. The former is a security researcher, while the latter specialises in reverse engineering.

It involves controlling both the input and the output of a file encryption operation. This is achieved using the Advanced Encryption Standard (AES) and by abusing lenient properties of file formats, which allow a file to remain valid even though junk data is attached to it.

AngeCryption Is The Name

The procedure has been christened AngeCryption. It was implemented as a Python script that would be made available for download on Google Code. The user chooses an input file and a desired output file, and the script carries out the required modifications. When the modified input file is then encrypted with the specified key using AES in CBC (cipher-block-chaining) mode, the desired output file is produced.

The two researchers have taken the idea a step further by applying the concept to APK (Android application package) files. In their proof of concept, the encrypted APK was a valid PNG image of the famous Star Wars character Anakin Skywalker. It does not stop there: the wrapper app can decrypt the image with a specific key to produce yet another APK file, which can then be installed.

Successful Demonstration Shows Possibilities

Though the demonstration only produced characters like Anakin Skywalker and Darth Vader, it showed how easily a potential attacker could use the same approach to steal messages, contacts and other data from real people.

During the demonstration, Android displayed a permission request when the engineer tried to install the decrypted APK file through the wrapper application. That prompt was, however, bypassed using DexClassLoader, so the user saw nothing at all. It also means the image need not be bundled inside the wrapper application and can simply be downloaded from a remote server. The only requirement for such an attack to succeed is that data has to be appended, and it has to sit at the end of the application file.
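Because the trick depends on a format tolerating slack it should not have, a defender can flag the carrier image with cheap structural checks. The following is an added example, not the researchers' script: it walks the PNG chunk list and reports a first chunk that is not IHDR, bytes trailing the IEND chunk, and a ZIP end-of-central-directory record (an APK is a ZIP archive) in that trailing data; the sample images are constructed inline.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
ZIP_EOCD = b"PK\x05\x06"  # ZIP end-of-central-directory signature; an APK is a ZIP

def walk_png_chunks(data):
    """Return (chunk types in order, offset just past IEND or None if IEND is missing)."""
    if not data.startswith(PNG_SIG):
        return [], None
    types, pos = [], len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4            # length + type + data + CRC
        if pos > len(data):              # chunk claims more bytes than the file has
            break
        types.append(ctype)
        if ctype == b"IEND":
            return types, pos
    return types, None

def inspect_png(data):
    """Structural heuristics for a PNG carrying a foreign file in tolerated slack."""
    types, end = walk_png_chunks(data)
    if not types:
        return ["not a parseable PNG"]
    findings = []
    if types[0] != b"IHDR":
        findings.append("first chunk is %r, spec requires IHDR" % types[0])
    if end is None:
        findings.append("no IEND chunk reached")
    else:
        trailing = data[end:]
        if trailing:
            findings.append("%d bytes after IEND" % len(trailing))
        if ZIP_EOCD in trailing:
            findings.append("ZIP end-of-central-directory record in trailing data")
    return findings

def chunk(ctype, body):
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

# Constructed samples: a minimal 1x1 greyscale PNG, and the same image with
# opaque bytes and a ZIP trailer appended after IEND.
CLEAN_PNG = (PNG_SIG + chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
             + chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND", b""))
APPENDED_PNG = CLEAN_PNG + b"\x5a" * 64 + ZIP_EOCD + b"\x00" * 18

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_PNG), ("appended", APPENDED_PNG)):
        print(name, inspect_png(blob) or ["no findings"])
```

A tolerant decoder will still render both samples; the point is that a scanner or upload gateway can reject the second one before any decryption key ever comes into play.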

As long as the Android OS remains fragmented, with many devices stuck on older versions, such malware will have scope to cause damage. Google needs to step up its initiatives to prevent this from happening.
