Android malware uses server-side polymorphism to evade detection

Summary:Tricks that worked for the bad guys on Windows now being reused for Android.

The other day we saw Android malware make use of steganography techniques, now another trick is uncovered.

Malware writers use all sorts of tricks to avoid detection, and one of those is called polymorphism. It's a cool trick that allows code to change without changing what the code actually does. A new form of polymorphism, called server-side polymorphism, has been used to evade detection on Windows systems for some time now, but security firm Symantec has discovered malware targeting the Android platfrom that uses the same trick.

The malware, called Android.Opfake, is embedded into applications hosted on Russian websites. The code is designed to modify itself every time it's downloaded to make detection more difficult. Also, it appears that the malware writers are constantly making changes and additions to the code as part of an ongoing maintenance program.

The code is capable of modifying itself on download in three different ways:

  • Variable data changes
  • File re-ordering
  • Insertion of dummy files

What's interesting about the dummy files created by the malware is that they all contain this mysterious image. Anyone know who it is?

Android.Opfake is yet another in a long line of Android malware that sends premium rate SMS messages without the user's consent.

If you are worried about such malware, then you should know that Symantec’s Norton Mobile Security protects customers against all automatically generated variants of Android.Opfake.

[poll id="749"]

Related:

Topics: Apps, Android

About

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.Adrian has authored/co-authored technic... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.