Presentation Material

Abstract

Are you fascinated by the intricacies of Android binaries and eager to push the boundaries of what you can achieve with them? Do you want to explore techniques to evade detection and enhance the capabilities to perform covert communication? Then this talk is tailor-made for you.

In this talk, we will be diving into the world of Signature Schemes (v1, v2, v3) used in Android APKs and the misuse of their shortcomings. We will show how you can change an Android APK binary without breaking its signature.

We will also talk about the potential use cases of this technique, both malicious and non-malicious. As part of the malicious use case, we will show how malicious data goes undetected through AVs when embedded in the legit applications downloaded from Play Store while still preserving its signing signature and how it is also an effective technique to create variations of malware with lower detection count with the example of Pegasus malware.