Android Malware: A Picture Is Worth A Thousand Words

Android is facing a unique and brand new type of threat. Researchers have found that the platform can now be compromised through malware that is hidden in images. This is interesting because never before have we heard of an image being used to hide malware, but of course if it had to happen, it was going to happen to this OS first.

What's in a picture

Hackers can actually hide encrypted malware apps within pictures so that antivirus software, and Google's own checking system, can't find them. Google Play doesn't have much of a reputation for finding and hindering malware, but it does have a system in place, and in many instances it does work. However, malware that is hiding within a picture might slip out of even its grasp. The attack is brought to us courtesy of Axelle Apvrille, a researcher from Fortinet, and Ange Albertini. Their study was first presented at the Black Hat Europe security conference, where they outlined the flaw. With their work, both researchers have demonstrated how this loophole can be manipulated.

Hacked and ready

The duo has found a technique through which they can gain control of an image by using AES. The technique, known as AngeCryption, can exploit the image through its file format. Even though the images are rigged with bad content and malicious code, scanners don't find any trouble with them because that content is hiding inside the image. The research team has also tested out their idea with an APK. The file seems to be an image of Anakin Skywalker from Star Wars, but it can be decrypted to turn into another APK file which can do the real damage. In this case the file contained a hidden image, one of Darth Vader.

While this may seem like a harmless joke, in reality a loophole such as this would translate into something much worse than a fictional character: it would be a danger that is very real. This method can be used to steal all kinds of data, including contacts, photos and texts.

Although this research will help Google develop a fix immediately, it remains a huge issue that fragmentation in the platform will ensure that many people are not able to get help or get an update when they need it. The malware can do serious damage until Google figures out how to get them the help to begin with. From different firmware versions to users that don't have a clue, the battle is going to be a tough one. The good news is that security updates are not as slow as they used to be, so users can breathe easier knowing that a solution is headed their way.

The research is just one more piece of proof that Google needs to start taking its security and privacy issues more seriously. It isn't a joke that almost the entirety of the malware world is targeting this one specific platform.
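For defenders, the images described under "Hacked and ready" suggest a simple triage check: look for large, random-looking data that a picture does not need in order to render. The sketch below is an added example, not code from the researchers or from this article. It assumes the extra data sits in a non-standard PNG chunk or after the IEND marker (the article does not say where AngeCryption places it), and the `blOb` chunk name and both sample files are constructed for illustration.

```python
import hashlib, math, struct, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Chunk types a plain image commonly carries; anything else is inspected.
EXPECTED = {b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"gAMA", b"sRGB", b"pHYs", b"tEXt"}

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    counts = [data.count(bytes([v])) for v in range(256)]
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def audit_png(blob, min_len=256, min_entropy=7.0):
    """Return findings about data the image does not need in order to render."""
    if not blob.startswith(PNG_SIG):
        return ["not a PNG"]
    findings, pos = [], len(PNG_SIG)
    while pos + 8 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length          # header (8) + data + CRC (4)
        if end > len(blob):
            findings.append("truncated chunk")
            break
        body = blob[pos + 8:end - 4]
        if zlib.crc32(ctype + body) != struct.unpack(">I", blob[end - 4:end])[0]:
            findings.append("bad CRC in %s" % ctype.decode("latin-1"))
        if ctype not in EXPECTED and length >= min_len and entropy(body) >= min_entropy:
            findings.append("opaque %s chunk, %d bytes" % (ctype.decode("latin-1"), length))
        pos = end
        if ctype == b"IEND":
            if pos < len(blob):
                findings.append("%d bytes after IEND" % (len(blob) - pos))
            break
    return findings

def chunk(ctype, body):
    """Serialize one PNG chunk: length, type, data, CRC32 over type+data."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed samples: a 1x1 grayscale PNG, and the same image carrying a
# made-up private chunk "blOb" of pseudo-random bytes plus trailing data.
HEAD = PNG_SIG + chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
TAIL = chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND", b"")
FILLER = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
CLEAN = HEAD + TAIL
RIGGED = HEAD + chunk(b"blOb", FILLER) + TAIL + b"\x00" * 16

if __name__ == "__main__":
    print(audit_png(CLEAN), audit_png(RIGGED))
```

IDAT is skipped on purpose because compressed pixel data is always high-entropy, so this check will not see anything placed inside the image stream itself; treat a hit as a reason to look closer, not as a verdict.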