On the Feasibility of Android Stegomalware: A Detection Study

Diego Soi

Primo

;Silvia Lucia Sanna

Secondo

;Angelica Liguori;Marco Zuppelli;Leonardo Regano;Davide Maiorca;Luca Caviglione;Giuseppe Manco

Penultimo

;Giorgio Giacinto

Ultimo

2025-01-01

---

Abstract

Android malware represents an evolving threat within the modern cybersecurity landscape due to the increasing importance of mobile systems in everyday life. Obfuscation and source code manipulations are systematically employed to bypass security measures and improve the effectiveness of attacks, especially to prevent detection or endanger the privacy of users. However, they represent only a portion of the evasive techniques that can be employed to make malicious software stealthier. In this work, we showcase a prime assessment of the joint use of steganography and repackaging techniques to hide information within Android APK resources. Specifically, we assess the capabilities of real-world antivirus aggregated by VirusTotal to identify payloads cloaked within audio and images of 20 popular Android applications. Our investigation demonstrated that repackaging steganographically modified assets is not always possible. Besides, our results revealed that common antivirus are not able to identify applications containing hidden data, thus highlighting the need for new Indicators of Compromise.