Android malware represents an evolving threat within the modern cybersecurity landscape due to the increasing importance of mobile systems in everyday life. Obfuscation and source code manipulations are systematically employed to bypass security measures and improve the effectiveness of attacks, especially to prevent detection or endanger the privacy of users. However, they represent only a portion of the evasive techniques that can be employed to make malicious software stealthier. In this work, we showcase a prime assessment of the joint use of steganography and repackaging techniques to hide information within Android APK resources. Specifically, we assess the capabilities of real-world antivirus aggregated by VirusTotal to identify payloads cloaked within audio and images of 20 popular Android applications. Our investigation demonstrated that repackaging steganographically modified assets is not always possible. Besides, our results revealed that common antivirus are not able to identify applications containing hidden data, thus highlighting the need for new Indicators of Compromise.
On the Feasibility of Android Stegomalware: A Detection Study
Diego SoiPrimo
;Silvia Lucia SannaSecondo
;Leonardo Regano;Davide Maiorca;Giorgio GiacintoUltimo
2025-01-01
Abstract
Android malware represents an evolving threat within the modern cybersecurity landscape due to the increasing importance of mobile systems in everyday life. Obfuscation and source code manipulations are systematically employed to bypass security measures and improve the effectiveness of attacks, especially to prevent detection or endanger the privacy of users. However, they represent only a portion of the evasive techniques that can be employed to make malicious software stealthier. In this work, we showcase a prime assessment of the joint use of steganography and repackaging techniques to hide information within Android APK resources. Specifically, we assess the capabilities of real-world antivirus aggregated by VirusTotal to identify payloads cloaked within audio and images of 20 popular Android applications. Our investigation demonstrated that repackaging steganographically modified assets is not always possible. Besides, our results revealed that common antivirus are not able to identify applications containing hidden data, thus highlighting the need for new Indicators of Compromise.File | Dimensione | Formato | |
---|---|---|---|
paper9.pdf
accesso aperto
Descrizione: Versione Editoriale
Tipologia:
versione editoriale (VoR)
Dimensione
1.15 MB
Formato
Adobe PDF
|
1.15 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.