Android malware uses server-side polymorphism to evade detection

Written by Adrian Kingsley-Hughes, Contributor

Adrian Kingsley-Hughes Contributor

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over two decades to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera. Adrian has authored/co-authored technical books on a variety of topics, ranging from programming to building and maintaining PCs.

Full Bio

Posted in Hardware 2.0 on February 1, 2012 | Topic: Developer

The other day we saw Android malware make use of steganography techniques, now another trick is uncovered.

Malware writers use all sorts of tricks to avoid detection, and one of those is called polymorphism. It's a cool trick that allows code to change without changing what the code actually does. A new form of polymorphism, called server-side polymorphism, has been used to evade detection on Windows systems for some time now, but security firm Symantec has discovered malware targeting the Android platfrom that uses the same trick.

The malware, called Android.Opfake, is embedded into applications hosted on Russian websites. The code is designed to modify itself every time it's downloaded to make detection more difficult. Also, it appears that the malware writers are constantly making changes and additions to the code as part of an ongoing maintenance program.

The code is capable of modifying itself on download in three different ways:

• Variable data changes
• File re-ordering
• Insertion of dummy files

What's interesting about the dummy files created by the malware is that they all contain this mysterious image. Anyone know who it is?

Android.Opfake is yet another in a long line of Android malware that sends premium rate SMS messages without the user's consent.

If you are worried about such malware, then you should know that Symantec’s Norton Mobile Security protects customers against all automatically generated variants of Android.Opfake.

[poll id="749"]

Related:

• Android malware makes use of steganography
• Millions caught up in Android botnet
• How ads undermine Android security
• Virtualization doesn’t fix all of Android’s ills
• Microsoft offers Android malware victims free Windows Phone handsets
• Six Android issues that Google doesn’t want to address
• Android bloatware results in serious security flaws
• Are security firms that warn of Android malware ‘charlatans and scammers’?
• Android Trojan records conversations, can send them to bad guys