Serious Android Bug Allows Malware to Evade Security Scanning
A serious bug has been discovered in the Google Android platform that allows mobile malware to evade security scanning tools. ThreatFabric, a security firm, identified the obfuscation method, which has already been used by Android banking trojans such as Ermac, Octo, and Cerberus. Google has flagged the issue as 'high' severity and awarded ThreatFabric a $5,000 bug bounty.
The bug, present in all Android OS versions, enables malicious code to be sneaked into mobile apps by corrupting components. Use of the method has increased since April 2023, with more malware families adopting it. Apps modified this way have an Android Manifest file whose timestamp is newer than that of the other files in the package, along with mismatched string counts. Notably, Google's APK Analyzer tool currently fails to parse malicious applications that abuse this issue.
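The manifest-timestamp trait above can be checked directly against an APK, since an APK is a ZIP archive and each entry carries its own modification time. The following is an added example, not ThreatFabric's or Google's code; the sample APK it builds is a constructed placeholder archive, and the function and file names are assumptions.

```python
import io
import zipfile
from datetime import datetime

MANIFEST = "AndroidManifest.xml"


def manifest_timestamp_anomaly(apk_bytes):
    """Return (is_suspicious, manifest_time, newest_other_time).

    Flags an APK whose AndroidManifest.xml carries a newer ZIP
    modification timestamp than every other entry, which the article
    names as one trait of apps modified with this technique. A hit is
    a triage signal for deeper inspection, not proof of tampering.
    """
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        manifest_time = None
        other_times = []
        for info in zf.infolist():
            if info.is_dir():
                continue
            ts = datetime(*info.date_time)  # ZIP stores local time, 2s resolution
            if info.filename == MANIFEST:
                manifest_time = ts
            else:
                other_times.append(ts)
    if manifest_time is None or not other_times:
        # No manifest or nothing to compare against: cannot apply the heuristic.
        return False, manifest_time, None
    newest_other = max(other_times)
    return manifest_time > newest_other, manifest_time, newest_other


def build_sample_apk(manifest_time, other_time):
    """Construct a minimal fake APK (a ZIP with placeholder entries) so the
    check can be exercised offline; the contents are not a real app."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, ts in ((MANIFEST, manifest_time),
                         ("classes.dex", other_time),
                         ("resources.arsc", other_time)):
            zi = zipfile.ZipInfo(name, date_time=ts)
            zf.writestr(zi, b"placeholder")
    return buf.getvalue()
```

On a real sample, pass the file's bytes to manifest_timestamp_anomaly and inspect the two timestamps it returns alongside the flag.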
Google has since updated its app malware detection mechanisms in response to this new research. However, before these updates, the method was already abused by Android banking trojans, highlighting the urgent need for security measures.
The discovery of this bug underscores the importance of regular security updates and robust detection mechanisms. While Google has taken steps to address the issue, users are advised to remain vigilant and keep their Android devices and apps up-to-date.