Must Read: Little Printer: Meet the palm-sized, werewolf-spotting, cheeky face of the internet of things

Topic: Malware

Android malware makes use of steganography

Summary: Malware makers are turning to quite sophisticated tricks to disguise the true purpose of rogue applications.

Adrian Kingsley-Hughes

By for Hardware 2.0 |

Security firm F-Secure have released details on how Android malware makes use of steganography to hide the control parameters for rogue code.

First, what is steganography? It's the technique of hiding messages within something else, in this case, an icon file.

F-Secure first suspected that Android malware was making use of steganography when researchers came across this line of code:

Image credit: F-Secure

Image credit: F-Secure

Further digging revealed more code, and it soon became clear that the image file being referenced here was the icon file bundled with the rogue application:

Image credit: F-Secure

So what's this hidden information used for? It's used to control how and when premium rate SMS messages are sent from the victim's handset, which, as far as the bad guys are concerned, is the primary purpose of the rogue application.

You've got to admit, that's a pretty clever use of steganography.

Topics: Malware, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

38 comments
Log in or register to join the discussion

  • RE: Android malware makes use of steganography

    This is embedded in images and can affect anything if that is the case... It does not need to be in an application.
    slickjim
    Reply Vote

  • RE: Android malware makes use of steganography

    All virus and malware makers should be executed on the spot. Strangled with their own codes.
    hooder42
    Reply Vote

    • Better yet

      @hooder42 <br><br>I'll do the strangling myself on a volunteer basis if their filthy codes wont do the trick.
      klumper
      Reply Vote

      • You too?

        @klumper
        Take a number.
        jlm123hi
        Reply Vote

    • Don't kill them...

      @hooder42 : That would be the easy out for them. Rather, cut off their fingers in a public display with a heated sword to cauterize the wounds.
      Zorched
      Reply Vote

      • Then lock them up

        @Zorched .. in permanent solitary confinement, limiting them to one phone call per year, tofu and lentils for food (24/7, non negotiable) and the constant, 24/7 flood of Barry Manilow's music in their cell confines.

        I can think of precious few, more heinous forms of punishment.
        thx-1138_
        Reply Vote

  • Brought to you by Linux

    The least secure mobile OS out there.
    toddybottom_z
    Reply Vote

    • RE: Android malware makes use of steganography

      @toddybottom_z <br>We all know this has nothing to do with Linux.

      Not working try harder.
      daikon
      Reply Vote

      • Android is Linux

        @daikon
        You guys shout that loud and clear every opportunity you get. This is a Linux problem. Even DTS insists that you all install AV on your mobile Linux devices because Linux is clearly a poorly designed OS. A well designed OS doesn't require AV.
        toddybottom_z
        Reply Vote

      • Unless you want to use the marketshare argument?

        @daikon
        Is Linux only being targeted because it has the largest marketshare? Please, I dare you, use the marketshare defense.
        toddybottom_z
        Reply Vote

      • RE: Android malware makes use of steganography

        @toddybottom_z Please stop pretending you know something about OS design. You're way out in left field on this one.
        Ignorance on the order of Lovey.
        radleym
        Reply Vote

      • RE: Android malware makes use of steganography

        @toddybottom_z: A well designed OS don't need jailbreaks to protect from remote exploits, like for the last time there was a PDF exploit on iPhone that you only every could protect from by either never clicking a link or by jailbreaking to install a PDF blocker.

        There are NO OS which can protect from all viruses. There are simply NO WAY AT ALL to algoritmically detect ALL code that is malicious. That is simply because the definition of "malicious" is hard to define. Even a perfectly fine app and service can become malicious without a single line of code changing on the phone, just by a change of ownership of the service.

        How do you protect against that? By letting Apple (who didn't notice the exploit in Moxie Marlinspike's app) protecting you? LOL!!!
        Natanael_L
        Reply Vote

      • RE: Android malware makes use of steganography

        @daikon As much as toddybottom annoys the crap out of me he does have a point... The Linux fans crow about how Android IS Linux until something like this happens and then it has nothing to do with Linux.

        So what I'd like to see - for the record mind you - an answer to a very simple question: [i]Is Android Linux[/i]? If it is then toddybottom's post - as much as I hate to acknowledge it - has some relevance but if it's NOT Linux then this whole "Android is Linux" thing needs to stop right here and now. It cannot be had both ways.
        athynz
        Reply Vote

      • RE: Android malware makes use of steganography

        @Natanael_L [b]A well designed OS don't need jailbreaks to protect from remote exploits, like for the last time there was a PDF exploit on iPhone that you only every could protect from by either never clicking a link or by jailbreaking to install a PDF blocker.[/b]

        So bringing up an issue that was relevant about a year ago proves what exactly? Come on dude this is the whole "If X has a vulnerability I can cover that vulnerability by steering the convo to Y's vulnerability" misdirection ploy. Not working BTW. Also Apple released a fix for that PDF issue shortly after the jailbreaking community did.

        What else ya got?
        athynz
        Reply Vote

    • RE: Android malware makes use of steganography

      @toddybottom_z

      It is not the operating system. If you allow code to run on any operating system and keep pressing "Yes or OK" through all the warnings, you will get infected. If you are comparing Android to Apple, the difference is the App store, where Apple checks the apps before they go into the store.
      mystic100
      Reply Vote

      • Unless it is Windows

        @mystic100
        "It is not the operating system."

        Then all malware is the fault of the OS. At least this is what Linux fanbois have been saying for years.

        No. I don't buy it. Any OS that requires AV (like Android does, according to our local Linux advocate DTS) is a poorly designed OS. That means Linux is a poorly designed OS with no security.
        toddybottom_z
        Reply Vote

      • RE: Android malware makes use of steganography

        @toddybottom_z With 'logic' like that, you're certainly don't understand computers.
        You made a mistatement. Therfore you can't speak english.
        radleym
        Reply Vote

      • RE: Android malware makes use of steganography

        @toddybottom_z: "Then all malware is the fault of the OS. At least this is what Linux fanbois have been saying for years."

        Liar. What they've been saying is that the typical virus and worm can't spread on a secure OS. HOWEVER, there are NO defences against TROJANS that the USER LETS IN. Compare it to letting a thief into you house and then complaining about that the alarm system that you just disabled don't work. No court will ever judge in your favor.
        Natanael_L
        Reply Vote

      • RE: Android malware makes use of steganography

        @mystic100 Anyone who followed the whole circus that occured a few months ago where a guy hired by Apple to test their security and posted a totally malicious app on the App store. It wasn't discovered for a few weeks until, said guy announced it and thoroughly pissed off Apple by embarassing them.

        If you want to suck your thumb and believe that Apple has your back, sleep well. For the rest of us, I would follow the many others suggesting that NO O/S is so secure that you don't need to protect yourself.

        You do no one a favor by suggesting it is OK to rely on the O/S to protect you from doing dumb things.
        sbf95070
        Reply Vote

      • RE: Android malware makes use of steganography

        @mystic100 But it IS the OS. All the Windows haters say so. That Windows is chock full of vulnerabilities. Again this is something you want to have both ways - that it's an insecure OS when it comes to Windows but the OS has not one thing to do with it when it comes to a Mac or Linux vulnerability. It either IS or IS NOT the OS. Which is it?
        athynz
        Reply Vote
CNET Join | Log In | Privacy | Cookies Close