Hackers have developed Android APKs that can evade security software

Android Package Kit (APK) is the file format that the Android Operating Systems use to distribute and install apps, and therefore contains all the elements that an app needs to install correctly on your device, writes Cyber Security Technologist Euan Henderson.

According to Zimperium, hackers are using APKs to bypass security measures using new compression methods. It is estimated that over 3,300 APKs are using these stealth techniques to evade malware detection programs.

These APKs are not being distributed by the official Google Play store, but rather by untrusted app stores and by using social engineering to persuade users to side-load the APK on their device. Side-loading is the ability for one app, for example the Chrome Browser, to install apps onto the device.

It is recommended that organisations follow the National Cyber Security Centre’s guidelines as laid out in the Cyber Essentials standard to help protect against this attack by ensuring that the following is met:

  • Users are only allowed to download approved applications from an approved application link.
  • Devices are not rooted, and the presence of applications, such as SU#, are checked for on devices to ensure that side-loading cannot take place.
  • Ensure side-loading is not enabled.
  • Applications can only be downloaded from the official app store such as the Google Play Store.

For more information on this topic please click here.

 

 

Indelible Data offers comprehensive Cyber Essentials and Cyber Essentials Plus support.