Yes, malware in Android apps aimed at Windows devices.
Palo Alto Networks’ researchers have made a startling new discovery that nearly 145 applications available on the Google Play Store contain malicious Microsoft Windows executable files. Some of the malware-infected apps have been downloaded over a thousand times and display 4-star ratings.
The malicious code cannot infect Android devices because it requires a Windows system to be executed. The only way Android users can get their devices infected is if they connect their phones to a Windows computer and download any of the infected app’s source code to run the PE file hidden inside.
However, the very fact that these infected apps are available on the official Google Play Store is indeed concerning. Moreover, it indicates that software developer ‘odieapps’ isn’t paying enough consideration to the security aspect of the apps.
In a blog post, Palo Alto Networks researcher wrote:
“These embedded Windows executable binaries can only run on Windows systems: they are inert and ineffective on the Android platform. The fact that these APK files are infected indicates that the developers are creating the software on compromised Windows systems that are infected with malware.”
Researchers claim that such an infection is actually threatening to the entire software supply chain because it opens the gate for a wider attack scale for KeRanger and NotPetya sort of malware. Some of the malicious apps include:
- Men’s Design Ideas
Gymnastics Training Tutorial
Learn to Draw Clothing
Modification Trial
Hair Paint Color
A majority of these apps contained Windows keylogger whole researchers claim that all the apps were infected with different types of Windows malware strains and were packed as Portable Executable files (PE). Some of the apps contain different malware infections and were developed by different developers. It was discovered that a specific PE file was present in the source code of 142 apps.
Apps marked in red contained Windows keylogger
It is also stated that the malware strains and the keylogger all found their way into the apps only after the app developers got infected with the malware, such as were developed on an infected OS.
“The fact that these APK files are infected indicates that the developers are creating the software on compromised Windows systems that are infected with malware,” researchers wrote.
These apps were uploaded to the Play Store between Oct 2017 and Nov 2017.
Another concerning fact is that the infected apps have remained on Google Play for more than 6 months, which means these stayed undetected by Google for so long. However, after it was reported by Palo Alto Networks, Google removed all the infected apps from its official Play Store.
