How Anakin Skywalker became Darth Vader. Virus for Android in .PNG picture
The new technique allows attackers to hide malware in Android applications by hiding them in seemingly harmless images that make malware invisible to antivirus products and a virus scanner integrated into Google Play.
This was announced at the Black Hat Europe computer security conference in Amsterdam, Fortinet specialists Axel April and Angie Albertini said.
Hackers demonstrated how, using a technique based on Advanced Encryption Standard (AES), you can “hide” a malicious file in a regular image with the .PNG extension, and then package it together with the viewer in a .APK file for Android OS. All this is done using the custom AngeCryption tool , available as a script for Pythone in Google Code.
When the infected application is launched on the mobile device under its control and the graphic file is open in it, another installation file is automatically created. Here it is something that attackers can use with criminal intentions.
April and Albertini showed their concept on Black Hat by creating a wrapper application for a PNG file featuring a Skywalker from Star Wars, after which they used it to get a second APK file containing a photograph of another character, Darth Vader. Using this simple trick, experts demonstrated how, using these simple operations, attackers, hackers, can steal any user data, including SMS, photos, contact list and other information.
It is worth noting that during the installation of the decrypted file with malware, Android reported these actions, but according to the researchers, this obstacle can be easily circumvented using the DexClassLoader method and the user will not see anything.
The security experts at the Android development team have been notified of the vulnerability and are already addressing it, April said.
This was announced at the Black Hat Europe computer security conference in Amsterdam, Fortinet specialists Axel April and Angie Albertini said.
Hackers demonstrated how, using a technique based on Advanced Encryption Standard (AES), you can “hide” a malicious file in a regular image with the .PNG extension, and then package it together with the viewer in a .APK file for Android OS. All this is done using the custom AngeCryption tool , available as a script for Pythone in Google Code.
When the infected application is launched on the mobile device under its control and the graphic file is open in it, another installation file is automatically created. Here it is something that attackers can use with criminal intentions.
April and Albertini showed their concept on Black Hat by creating a wrapper application for a PNG file featuring a Skywalker from Star Wars, after which they used it to get a second APK file containing a photograph of another character, Darth Vader. Using this simple trick, experts demonstrated how, using these simple operations, attackers, hackers, can steal any user data, including SMS, photos, contact list and other information.
It is worth noting that during the installation of the decrypted file with malware, Android reported these actions, but according to the researchers, this obstacle can be easily circumvented using the DexClassLoader method and the user will not see anything.
The security experts at the Android development team have been notified of the vulnerability and are already addressing it, April said.