Android apps have always been an easy target for exploitation, primarily because of the huge number of Android users across the globe. In its latest research analysis, security firm Palo Alto Networks revealed that around 132 Android apps on the Google Play Store contain malicious code. This could be due to the developers using infected computers at the time of app development.
The research team reports that these apps either generate hidden iframes or produce an HTML document that is embedded in a web page and links to two different domains where the malware is hosted.
It must be noted that the apps Palo Alto Networks identified as infected were not high-end apps but commonly downloaded ones, such as design ideas for landscaping a garden, cheesecake recipes, etc. The concerning part is that some of these apps have been downloaded 10,000 times.
Google has removed the apps from its Play Store, while Palo Alto Networks suggests that the developers cannot be blamed for the issue: they were probably unaware that the computer they were using to develop the new app was infected with malware that searched for HTML pages only to inject them with malicious code.
Once installed, these apps display web pages containing a hidden iframe that links the device to two suspicious domains. These domains had already been identified as hosting Windows malware; a Polish security company took control of them in 2013 and the domains were later taken down.
Palo Alto Networks also came across an app that, instead of launching web pages containing iframes, launched a Microsoft Visual Basic script written for Windows, which the team found odd since such a script cannot harm Android users.
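The injection pattern described above (a zero-sized or display:none iframe whose src points at a host outside the app) is easy to audit for in an app's bundled HTML before it ships. The following scanner is an added example written for this article, not Palo Alto Networks' tooling or any app's own code. It assumes the APK has been unpacked into a directory (for example with `unzip app.apk -d out/`) and walks that tree looking for hidden iframes that load an external host; the sample HTML and the `*.invalid` domain names are constructed for the demo and stand in for the real domains, which the article does not name.

```python
"""Scan HTML files bundled in an Android app for hidden iframes that point
at external hosts (the injection pattern described in the article).

Added example, not Palo Alto Networks' tooling. Sample HTML and domain
names below are constructed placeholders."""
import os
import re
import tempfile
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline style fragments that make an element invisible to the user.
_HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


def _is_tiny(value):
    """True for width/height attributes of at most one pixel ('0', '0px', '1')."""
    if value is None:
        return False
    m = re.match(r"\s*(\d+)", value)
    return m is not None and int(m.group(1)) <= 1


def _host_of(src):
    """Hostname of an iframe src; '' for relative (same-origin) URLs."""
    if src.startswith("//"):          # protocol-relative URL
        src = "http:" + src
    if "://" not in src:              # relative path inside the app
        return ""
    return (urlparse(src).hostname or "").lower()


class _IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append(dict(attrs))


def is_hidden(attrs):
    """Hidden if styled invisible, carrying the hidden attribute, or sized <= 1px."""
    if _HIDDEN_STYLE.search(attrs.get("style") or ""):
        return True
    if "hidden" in attrs:
        return True
    return _is_tiny(attrs.get("width")) and _is_tiny(attrs.get("height"))


def find_hidden_external_iframes(html_text, allowed_hosts=()):
    """Return (src, host) pairs for hidden iframes that load an external host."""
    parser = _IframeCollector()
    parser.feed(html_text)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src") or ""
        host = _host_of(src)
        if host and host not in allowed_hosts and is_hidden(attrs):
            findings.append((src, host))
    return findings


def scan_directory(root, allowed_hosts=()):
    """Walk an unpacked APK tree; map each HTML file to its hidden external iframes."""
    report = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".html", ".htm")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = find_hidden_external_iframes(fh.read(), allowed_hosts)
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report


# Constructed sample pages: one clean, one carrying the injected iframes.
SAMPLE_CLEAN = ("<html><body><h1>Cheesecake recipes</h1>"
                "<iframe src='https://ads.example/banner' width='300' height='250'>"
                "</iframe></body></html>")
SAMPLE_INFECTED = """<html><body><h1>Garden ideas</h1>
<iframe src="http://malware-domain-1.invalid/x" width="0" height="0"></iframe>
<iframe src="//malware-domain-2.invalid/y" style="display:none"></iframe>
<iframe src="local.html" width="0" height="0"></iframe>
</body></html>"""


def demo():
    """Write the samples into a temporary 'assets' tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "assets"))
        for name, text in (("assets/index.html", SAMPLE_CLEAN),
                           ("assets/ideas.html", SAMPLE_INFECTED)):
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(text)
        return scan_directory(root)


if __name__ == "__main__":
    for path, hits in demo().items():
        for src, host in hits:
            print(f"{path}: hidden iframe -> {host} ({src})")
```

The relative `local.html` frame is deliberately not reported: a hidden same-origin frame is unusual but is not the remote-domain beacon the article describes. Pass the app's legitimate hosts in `allowed_hosts` to suppress expected embeds such as an ad network.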
Researchers are of the opinion that the 132 tainted apps, which link to two defunct yet malicious domains, do not pose a serious threat, and that the tampering appears to be accidental. As Ryan Olson, intelligence director at Palo Alto Networks, stated:
“File infecting viruses can bounce around for years, even after these domains are taken offline. They also typically infect executable files and copy themselves to USB and shared drives. The malware that wrote the iframe to these files was probably released before the domains were sinkholed.”
Palo Alto Networks also revealed that seven different parties had developed the apps, but all seem to have a connection with Indonesia. Either way, the best way to protect your device from malicious apps is to keep the number of installed apps small and never download an app from a third-party app store.