New spyware reveals new and surprising obfuscation techniques

The universe of cybercrime is constantly changing, constantly looking for new ways to evade detection tools malwarewhich for their part are increasingly advanced.

In this continuous recurrence, characterized by ingenuity e technology implemented by both parties involved, the ability to hide malicious code never ceases to surprise professionals.

A recent Symantec investigation that examined a cluster of spywarebrought to the surface new obfuscation techniquescapable of evading classic analysis systems.

One of the strategies adopted by cybercriminals, for example, is to place hidden resources within file APK which, once executed, reproduce the names of authorizations vital to the functioning of the smartphone. In this way, it is possible to confuse the antivirus less reactive, easily taking over the Android device in question.

This, however, is not the only surprising technique identified by experts.

Advanced obfuscation techniques: a real nightmare for security experts

Another solution used to bypass control systems is the adoption of unsupported compression methods.

Antivirus and the like, in fact, often focus on archives with known extensions. In the case of files that exploit obsolete or niche technologies, it is possible to obfuscate malicious agents which then, if necessary, can activate when they have already stabilized on the phone.

By introducing unsupported compression codes, malicious agents move through theAndroid security infrastructureavoiding detection via digital signature schemes.

From Symantec’s analysis, it also emerges that part of the spyware analyzed uses data “without compression” which, similar to the previous technique, seem to disorient the analysis tools.

As you can imagine, dealing with these obfuscation techniques is very difficult. Trust in app e reliable stores, in this sense, is a good preventive practice. To mitigate further risks it is also essential update consistently Android.

This way you can get it as soon as possible corrective patches provided by the developers, avoiding possible flaws in the operating system.

LEAVE A REPLY

Please enter your comment!
Please enter your name here