arXiv: The Invisible Ink of the Android Malware World: A Longitudinal Study on the Usage of Covert Communication Channels

This publication, a longitudinal study from arXiv, analyzes how Android malware has increasingly used covert communication channels—such as steganography, encrypted payloads in network traffic, and hidden data in system logs—to evade detection over the past decade. While not a regulatory change itself, the research highlights a growing threat to data security and system integrity that directly impacts compliance obligations under the EU AI Safety framework, particularly for organizations deploying or auditing AI-driven security systems. The study underscores that traditional detection methods may be insufficient against these evolving evasion techniques.

The findings affect all organizations in the EU that develop, deploy, or oversee AI-based cybersecurity tools, especially those in critical infrastructure, finance, healthcare, and telecommunications. Compliance teams in these sectors must reassess whether their AI systems are robust against such covert channels, as failure to detect them could lead to data breaches, regulatory penalties, and reputational harm. The study also impacts auditors and regulators who evaluate AI safety and security controls.

Compliance teams should immediately review their AI system risk assessments to ensure they account for advanced evasion techniques like those documented in the study. They should update their threat modeling and testing protocols to include scenarios involving covert communication channels, and verify that their AI models are trained on datasets reflecting these real-world attack patterns. Finally, teams should document these updates in their AI safety compliance reports to demonstrate proactive risk management under the evolving regulatory landscape.