Android malware shifts shape on every download

Symantec, along with other companies, is reporting it has seen Android malware that automatically changes each time it is downloaded — much like server-side polymorphic viruses aimed at desktops

Symantec is reporting it has come across malicious Android applications hosted outside the Android marketplace that automatically change themselves each time they are downloaded.

The polymorphic malware, named Android.Opfake by Symantec, makes changes to variable data, re-orders files in Android packages and/or inserts dummy files in an attempt to avoid detection, the security company said in a blog post on Thursday. These dummy files all contain a picture of a Russian man who has become somewhat of an internet celebrity due to people manipulating his photo into various images.

However, while the malware might share similar characteristics to polymorphic viruses, Trend Micro told ZDNet UK's sister site ZDNet Australia that strictly speaking, it is not the same in the mobile environment as it is in the desktop environment.

In the desktop environment, server-side polymorphic malware takes advantage of the way that it can be distributed. Infected sites distribute malware to the user by exploiting any number of vulnerabilities, but a server-side polymorphic threat gives each user a unique strain of the malware, making detection difficult. Detection usually works by looking for similar signatures, but because the malware is generated server-side, the end results are (ideally) completely different.
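The effect of the re-ordering and dummy-file changes described above on an exact-match file signature can be shown with a short added example (not code from Symantec, Trend Micro or the article). It compares a whole-file hash with a per-entry comparison that ignores entry order; all entry names and contents are constructed placeholders, and the per-entry comparison is an illustrative assumption, not the vendors' detection method.

```python
import hashlib
import io
import zipfile

def build_package(entries):
    """Write (name, content) pairs, in the order given, into an in-memory ZIP/APK container."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries:
            zf.writestr(name, content)
    return buf.getvalue()

def file_hash(package):
    """Whole-file SHA-256: the kind of exact-match signature a repackaged download defeats."""
    return hashlib.sha256(package).hexdigest()

def entry_digests(package):
    """SHA-256 of every entry's uncompressed content, as a set (entry order and names ignored)."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        return {hashlib.sha256(zf.read(info)).hexdigest()
                for info in zf.infolist() if not info.is_dir()}

def similarity(a, b):
    """Jaccard similarity of two packages' entry-digest sets (1.0 = same contents)."""
    da, db = entry_digests(a), entry_digests(b)
    return len(da & db) / len(da | db) if (da | db) else 1.0

# Constructed sample data: placeholder names and contents, not taken from a real sample.
BASE = [("AndroidManifest.xml", b"<manifest package='example.app'/>"),
        ("classes.dex", b"constructed-dex-bytes"),
        ("res/drawable/icon.png", b"constructed-icon-bytes"),
        ("assets/config.txt", b"id=1001")]
DOWNLOAD_1 = build_package(BASE)
# Same entries, different order.
DOWNLOAD_2 = build_package(list(reversed(BASE)))
# Re-ordered, variable data changed, dummy file inserted.
DOWNLOAD_3 = build_package([BASE[2], ("res/raw/dummy.jpg", b"constructed-dummy-picture"),
                            BASE[1], ("assets/config.txt", b"id=2002"), BASE[0]])
UNRELATED = build_package([("AndroidManifest.xml", b"<manifest package='other.app'/>"),
                           ("classes.dex", b"different-dex-bytes")])

if __name__ == "__main__":
    for label, pkg in [("download 2", DOWNLOAD_2), ("download 3", DOWNLOAD_3),
                       ("unrelated", UNRELATED)]:
        print(label, "same file hash:", file_hash(pkg) == file_hash(DOWNLOAD_1),
              "entry similarity:", similarity(DOWNLOAD_1, pkg))
```

A per-entry comparison like this only survives changes that leave most entries byte-identical; a variant that rewrites every entry on each download would score 0.0 as well.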

For more on this ZDNet UK-selected story, see Android malware finds way to polymorph on ZDNet Australia.
