Android malware makes use of steganography

Summary: Malware makers are turning to quite sophisticated tricks to disguise the true purpose of rogue applications.

TOPICS: Malware, Security

Security firm F-Secure have released details on how Android malware makes use of steganography to hide the control parameters for rogue code.

First, what is steganography? It's the technique of hiding messages within something else, in this case, an icon file.

F-Secure first suspected that Android malware was making use of steganography when researchers came across this line of code:

Image credit: F-Secure

Further digging revealed more code, and it soon became clear that the image file being referenced here was the icon file bundled with the rogue application:

Image credit: F-Secure

So what's this hidden information used for? It's used to control how and when premium rate SMS messages are sent from the victim's handset, which, as far as the bad guys are concerned, is the primary purpose of the rogue application.

You've got to admit, that's a pretty clever use of steganography.

Talkback

38 comments
  • RE: Android malware makes use of steganography

    This is embedded in images and can affect anything if that is the case... It does not need to be in an application.
    slickjim
  • RE: Android malware makes use of steganography

    All virus and malware makers should be executed on the spot. Strangled with their own codes.
    hooder42
    • Better yet

      @hooder42 I'll do the strangling myself on a volunteer basis if their filthy codes won't do the trick.
      klumper
      • You too?

        @klumper
        Take a number.
        jlm123hi
    • Don't kill them...

      @hooder42 : That would be the easy out for them. Rather, cut off their fingers in a public display with a heated sword to cauterize the wounds.
      Zorched
      • Then lock them up

        @Zorched .. in permanent solitary confinement, limiting them to one phone call per year, tofu and lentils for food (24/7, non negotiable) and the constant, 24/7 flood of Barry Manilow's music in their cell confines.

        I can think of precious few, more heinous forms of punishment.
        thx-1138_
  • Brought to you by Linux

    The least secure mobile OS out there.
    toddybottom_z
    • RE: Android malware makes use of steganography

      @toddybottom_z We all know this has nothing to do with Linux.

      Not working try harder.
      daikon
      • Android is Linux

        @daikon
        You guys shout that loud and clear every opportunity you get. This is a Linux problem. Even DTS insists that you all install AV on your mobile Linux devices because Linux is clearly a poorly designed OS. A well designed OS doesn't require AV.
        toddybottom_z
      • Unless you want to use the marketshare argument?

        @daikon
        Is Linux only being targeted because it has the largest marketshare? Please, I dare you, use the marketshare defense.
        toddybottom_z
      • RE: Android malware makes use of steganography

        @toddybottom_z Please stop pretending you know something about OS design. You're way out in left field on this one.
        Ignorance on the order of Lovey.
        radleym
      • RE: Android malware makes use of steganography

        @toddybottom_z: A well designed OS doesn't need jailbreaks to protect from remote exploits, like for the last time there was a PDF exploit on iPhone that you only ever could protect from by either never clicking a link or by jailbreaking to install a PDF blocker.

        There is NO OS which can protect from all viruses. There is simply NO WAY AT ALL to algorithmically detect ALL code that is malicious. That is simply because the definition of "malicious" is hard to define. Even a perfectly fine app and service can become malicious without a single line of code changing on the phone, just by a change of ownership of the service.

        How do you protect against that? By letting Apple (who didn't notice the exploit in Moxie Marlinspike's app) protect you? LOL!!!
        Natanael_L
      • RE: Android malware makes use of steganography

        @daikon As much as toddybottom annoys the crap out of me he does have a point... The Linux fans crow about how Android IS Linux until something like this happens and then it has nothing to do with Linux.

        So what I'd like to see - for the record mind you - an answer to a very simple question: Is Android Linux? If it is then toddybottom's post - as much as I hate to acknowledge it - has some relevance but if it's NOT Linux then this whole "Android is Linux" thing needs to stop right here and now. It cannot be had both ways.
        athynz
      • RE: Android malware makes use of steganography

        @Natanael_L "A well designed OS doesn't need jailbreaks to protect from remote exploits, like for the last time there was a PDF exploit on iPhone that you only ever could protect from by either never clicking a link or by jailbreaking to install a PDF blocker."

        So bringing up an issue that was relevant about a year ago proves what exactly? Come on dude this is the whole "If X has a vulnerability I can cover that vulnerability by steering the convo to Y's vulnerability" misdirection ploy. Not working BTW. Also Apple released a fix for that PDF issue shortly after the jailbreaking community did.

        What else ya got?
        athynz
    • RE: Android malware makes use of steganography

      @toddybottom_z

      It is not the operating system. If you allow code to run on any operating system and keep pressing "Yes or OK" through all the warnings, you will get infected. If you are comparing Android to Apple, the difference is the App store, where Apple checks the apps before they go into the store.
      mystic100
      • Unless it is Windows

        @mystic100
        "It is not the operating system."

        Then all malware is the fault of the OS. At least this is what Linux fanbois have been saying for years.

        No. I don't buy it. Any OS that requires AV (like Android does, according to our local Linux advocate DTS) is a poorly designed OS. That means Linux is a poorly designed OS with no security.
        toddybottom_z
      • RE: Android malware makes use of steganography

        @toddybottom_z With 'logic' like that, you certainly don't understand computers.
        You made a misstatement. Therefore you can't speak English.
        radleym
      • RE: Android malware makes use of steganography

        @toddybottom_z: "Then all malware is the fault of the OS. At least this is what Linux fanbois have been saying for years."

        Liar. What they've been saying is that the typical virus and worm can't spread on a secure OS. HOWEVER, there are NO defences against TROJANS that the USER LETS IN. Compare it to letting a thief into your house and then complaining that the alarm system that you just disabled doesn't work. No court will ever judge in your favor.
        Natanael_L
      • RE: Android malware makes use of steganography

        @mystic100 Anyone who followed the whole circus that occurred a few months ago where a guy hired by Apple to test their security and posted a totally malicious app on the App store. It wasn't discovered for a few weeks until, said guy announced it and thoroughly pissed off Apple by embarrassing them.

        If you want to suck your thumb and believe that Apple has your back, sleep well. For the rest of us, I would follow the many others suggesting that NO O/S is so secure that you don't need to protect yourself.

        You do no one a favor by suggesting it is OK to rely on the O/S to protect you from doing dumb things.
        sbf95070
      • RE: Android malware makes use of steganography

        @mystic100 But it IS the OS. All the Windows haters say so. That Windows is chock full of vulnerabilities. Again this is something you want to have both ways - that it's an insecure OS when it comes to Windows but the OS has not one thing to do with it when it comes to a Mac or Linux vulnerability. It either IS or IS NOT the OS. Which is it?
        athynz