Beware of BadPack: One Weird Trick Being Used Against Android Devices
July 16, 2024, 1:26 p.m.
Description
The report examines the recent trend of BadPack Android malware, which uses tampered headers to obstruct analysis tools. It evaluates how well various freely available utilities handle BadPack Android Package Kit (APK) files. The report dissects the structure of APK files and shows how malware authors manipulate the local file headers and central directory headers to evade detection. It also traces the part of the Android codebase responsible for the discrepancy between analysis tools and the Android runtime when extracting BadPack APKs. The analysis explains how the BadPack technique manifests in practice and what impact it has on popular Android reverse engineering tools.
Date
Published: July 16, 2024, 1:03 p.m.
Created: July 16, 2024, 1:03 p.m.
Modified: July 16, 2024, 1:26 p.m.
Indicators
90c41e52f5ac57b8bd056313063acadc753d44fb97c45c2dc58d4972fe9f9f21
131135a7c911bd45db8801ca336fc051246280c90ae5dafc33e68499d8514761
0003445778b525bcb9d86b1651af6760da7a8f54a1d001c355a5d3ad915c94cb
015bd2e799049f5e474b80cbbdcd592ce4e2dfbfae183bada86a9b6ec103e25e
Attack Patterns
TeaBot
Cerberus
BianLian
T1036.003
T1195.002
T1583.001
T1543.003
T1059.006
T1036.004
T1564.003
T1064
T1574.002
T1059.005
T1497.001
T1059.001
T1059.007
T1071.001
T1518.001
T1036.005
T1518
T1082
T1027
T1195