"Thousands of Android APKs Use Compression Trick to Thwart Analysis"

Threat actors are increasingly distributing malicious Android APKs (packaged app installers) that resist decompilation by using unsupported, unknown, or heavily modified compression algorithms. The main benefit of this strategy is evading detection by security tools that rely on static analysis and impeding examination by researchers, which delays the discovery of how an Android malware strain works. Zimperium, a member of the 'App Defense Alliance' dedicated to identifying and removing malware from Google Play, analyzed the landscape of decompilation resistance in response to a tweet by Joe Security showcasing an APK that evades analysis but functions properly on Android devices. According to a new report by zLabs, 3,300 APKs use these unusual anti-analysis techniques, which may cause many of them to crash. This article continues to discuss the compression trick used by thousands of Android APKs to avoid analysis.

Bleeping Computer reports "Thousands of Android APKs Use Compression Trick to Thwart Analysis"
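
A triage check for the trick summarized above, added here as an example (it is not code from Zimperium, Joe Security or Bleeping Computer): it walks an APK's ZIP central directory and flags entries whose compression-method field is something other than stored (0) or deflate (8), and goes slightly beyond the text by also flagging entries whose local header disagrees with the central directory. The function names, the stored/deflate allow-list and the constructed sample archive are assumptions of this example.

```python
import io
import struct
import zipfile

EOCD_SIG, CDH_SIG, LFH_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"
SUPPORTED = {0: "stored", 8: "deflate"}  # assumption: the only methods an APK should use

def scan_apk(data):
    """Return [(entry_name, finding)] for suspicious compression-method fields."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        return [("<archive>", "no end-of-central-directory record")]
    findings = []
    try:
        # EOCD: total entries @10, central-directory size @12, offset @16
        count, _size, pos = struct.unpack_from("<HII", data, eocd + 10)
        for _ in range(count):
            if data[pos:pos + 4] != CDH_SIG:
                raise struct.error("bad central-directory signature")
            method = struct.unpack_from("<H", data, pos + 10)[0]
            name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
            lfh = struct.unpack_from("<I", data, pos + 42)[0]
            name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
            if method not in SUPPORTED:
                findings.append((name, f"unsupported method {method} in central directory"))
            if data[lfh:lfh + 4] != LFH_SIG:
                findings.append((name, "local file header not found"))
            else:
                local = struct.unpack_from("<H", data, lfh + 8)[0]
                if local != method:
                    findings.append((name, f"local header method {local} != central {method}"))
            pos += 46 + name_len + extra_len + comment_len
    except struct.error as exc:  # truncated or corrupt records are a finding too
        findings.append(("<archive>", f"malformed central directory: {exc}"))
    return findings

def build_sample(patch=True):
    """Constructed test archive; patch=True overwrites the first entry's central-directory method with the made-up value 0x5A5A."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"constructed placeholder bytes")
    raw = bytearray(buf.getvalue())
    if patch:
        cd_off = struct.unpack_from("<I", raw, raw.rfind(EOCD_SIG) + 16)[0]
        struct.pack_into("<H", raw, cd_off + 10, 0x5A5A)
    return bytes(raw)

if __name__ == "__main__":
    for name, finding in scan_apk(build_sample()):
        print(f"{name}: {finding}")
```

Because the scan reads only header fields and never decompresses an entry, it still works on archives that make unpackers and decompilers fail.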
