The other day we saw Android malware make use of steganography techniques; now another evasion trick has been uncovered.
Malware writers use all sorts of tricks to avoid detection, and one of them is polymorphism: the bytes of the code change from copy to copy while the behaviour stays the same, so a signature taken from one copy does not match the next. A newer form, server-side polymorphism, performs the mutation on the distribution server so that every download is a different file. It has been used to evade detection on Windows systems for some time, but security firm Symantec has now discovered malware targeting the Android platform that uses the same trick.
The malware, called Android.Opfake, is embedded in applications hosted on Russian websites. The code is modified every time it is downloaded, which makes detection more difficult. It also appears that the malware writers are constantly making changes and additions to the code as part of an ongoing maintenance programme.
The code is capable of modifying itself on download in three different ways:
- Variable data changes
- File re-ordering
- Insertion of dummy files
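To see why these three mutations defeat a whole-file signature while leaving the actual payload untouched, here is an added example (written for this page, not code from Symantec or from the malware) that simulates them on an APK-style zip archive. Everything in it is constructed: the entry names, the fake `classes.dex` bytes and the junk files are stand-ins, and the "app" does nothing. The point is the comparison at the end: the SHA-256 of the downloaded file changes with every variant, but the hash of the executable component does not, and entries that are not part of the known app can be listed as the inserted dummy files.

```python
"""Simulate server-side polymorphism on an APK-style zip and compare
whole-file hashing with hashing only the executable payload.

All contents are constructed for illustration; nothing here is taken
from Android.Opfake or any real application."""
import hashlib
import io
import random
import zipfile

# Constructed stand-in for the app's real contents (hypothetical names and bytes).
BASE_ENTRIES = {
    "AndroidManifest.xml": b"<manifest package='com.example.fakeapp'/>",
    "classes.dex": b"dex\n035\x00" + b"constructed stand-in for the SMS-sending code",
    "res/values/strings.xml": b"<resources><string name='app'>Update</string></resources>",
    "assets/config.txt": b"revision=1\n",
}


def build_variant(seed: int) -> bytes:
    """Return one 'download' of the same app, mutated the three ways the article lists."""
    rng = random.Random(seed)
    entries = dict(BASE_ENTRIES)

    # 1. Variable data changes: rewrite a non-functional value per download.
    entries["assets/config.txt"] = b"revision=%d\n" % rng.randrange(1, 10**6)

    # 3. Insertion of dummy files: junk entries the app never reads.
    for i in range(rng.randrange(1, 4)):
        size = rng.randrange(16, 256)
        entries["assets/junk%d.bin" % i] = bytes(rng.getrandbits(8) for _ in range(size))

    # 2. File re-ordering: shuffle the order entries are written into the archive.
    names = list(entries)
    rng.shuffle(names)

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name in names:
            zf.writestr(name, entries[name])
    return buf.getvalue()


def whole_file_sha256(apk: bytes) -> str:
    """What a naive file-hash signature sees: differs for every variant."""
    return hashlib.sha256(apk).hexdigest()


def payload_sha256(apk: bytes, entry: str = "classes.dex") -> str:
    """Hash only the executable component; unaffected by ordering, junk or config edits."""
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        return hashlib.sha256(zf.read(entry)).hexdigest()


def same_family(apk_a: bytes, apk_b: bytes) -> bool:
    """Two variants belong together if their executable payload is byte-identical."""
    return payload_sha256(apk_a) == payload_sha256(apk_b)


def unexpected_entries(apk: bytes, known=frozenset(BASE_ENTRIES)) -> list:
    """List archive entries that are not part of the known app: the inserted dummy files."""
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        return sorted(n for n in zf.namelist() if n not in known)


if __name__ == "__main__":
    a, b = build_variant(1), build_variant(2)
    print("whole-file hashes equal:", whole_file_sha256(a) == whole_file_sha256(b))
    print("payload hashes equal:   ", same_family(a, b))
    print("dummy files in variant a:", unexpected_entries(a))
```

Hashing a single entry is only the simplest illustration of the idea; it works here because the simulated server leaves `classes.dex` alone. If a server also repacks or recompiles the executable component between downloads, a per-entry hash fails too and detection has to move to structural or behavioural features such as the permissions requested and the SMS-sending code paths.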
What's interesting about the dummy files inserted by the malware is that they all contain the same mysterious image of a person. Anyone know who it is?
Android.Opfake is yet another in a long line of Android malware that sends SMS messages to premium-rate numbers without the user's consent.
If you are worried about such malware, then you should know that Symantec’s Norton Mobile Security protects customers against all automatically generated variants of Android.Opfake.