
How Anakin Skywalker became Darth Vader: an Android virus in a .png picture

A new technique lets attackers hide malware in Android applications by embedding it in harmless-looking images, which makes the malware invisible to antivirus products and to the virus scanner integrated into Google Play.



Fortinet experts Axelle Apvrille and Ange Albertini reported on it at the Black Hat Europe computer security conference, which is taking place in Amsterdam.
The researchers demonstrated how to use the Advanced Encryption Standard (AES) to hide a malicious file inside a regular image with the .PNG extension, and then pack it, together with a viewer, into an .APK file for Android. All of this is done with a custom tool, AngeCryption, available as a Python script on Google Code.

When the infected application is launched on a mobile device running Android and the image file inside it is opened, a second installation file is created automatically. It is this file that attackers can use with criminal intent.

Apvrille and Albertini demonstrated their concept at Black Hat by creating a wrapper application around a PNG file showing Anakin Skywalker from Star Wars, from which they obtained a second APK file containing a picture of another character, Darth Vader. With this simple trick, the experts showed how hackers can use such straightforward operations to steal any user data, including SMS messages, photos, the contact list and other information.

It is worth noting that Android reports the installation of the decrypted malware file, but according to the researchers this obstacle is easily circumvented with the DexClassLoader method, and the user will not see anything.

The Android security team has been notified of the vulnerability and is already addressing it, Apvrille said.

Source: https://habr.com/ru/post/241137/

