In the interest of sharing VB2014 conference papers and presentations, the editor of Virus Bulletin magazine has blogged about Gregory Panakkal’s paper, “Leaving our ZIP undone: How to Abuse ZIP to Deliver Malware Apps”, on VB’s information portal on recent security trends.

This paper explores the ZIP file format, specifically in the form of an APK as handled by the Android OS, and details the new malformations that can be imposed on the APK file format to bypass AV engine unarchiving and scanning while keeping the APK valid for the Android OS. The paper also describes the concept of a “chameleon ZIP” that is application specific, and the challenges for the AV engine components that scan content based on the identified package type.

A Chameleon Zip Example

Archana Sangili, Content Writer