In a curious case uncovered by security research firm Palo Alto Networks, 132 apps published on Google's Play Store were found to contain malware designed for Windows PCs. The apps, which were published by a total of seven developers and some of which had more than 10,000 downloads, all shared the common symptom of concealed iframe tags in their HTML code.
The iframes, which are most commonly used for embedding external elements, such as a YouTube video, in a webpage, tried loading elements from two well-known malicious Poland-based domains. What's even more curious is the fact that both of those domains were seized by Polish authorities all the way back in 2013. All of that led the researchers to the conclusion that the apps' developers had no bad intentions, but were most likely the victims of a hack themselves.
This was further corroborated by the fact that all seven of the developers were located in or near Indonesia, and many of the apps' names included the country's name, too. The hypothesis presented by the researchers is that the developers' machines were infected from a common source with malware that scans the hard disk for HTML files and injects malicious iframes into them. Thus, when the developers uploaded their apps to the Play Store, the HTML files bundled with them were already infected.
Even if the malware included in the apps was Windows-specific and the domains it was supposed to be downloaded from were disabled a long time ago, this discovery is still somewhat problematic. Concealed iframes have been a well-known attack method for many years, and yet, Google's app screening process did nothing to flag these apps as potentially malicious. The Play Store has been known to contain malware in the past, too, leading to the question of whether current security procedures are enough, and whether Google even cares at all, seeing as it also systematically promotes useless adware on its storefront.
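As an added illustration (not code from Palo Alto Networks, Google or the affected developers), here is a check a developer could run over an app's bundled HTML files before upload to flag concealed iframes. The report does not say how the iframes were hidden, so the heuristics (`display:none`, `visibility:hidden`, 0 or 1 pixel dimensions), the function names and the sample markup are all assumptions.

```python
import os
import re
from html.parser import HTMLParser

# Assumed concealment heuristics; the report does not describe the exact markup.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY_STYLE = re.compile(r"(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)
TINY_ATTR = re.compile(r"^\s*[01](?:px)?\s*$", re.I)

class IframeAuditor(HTMLParser):
    """Collects (src, reasons) for every iframe that looks concealed."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style, reasons = a.get("style", ""), []
        if HIDDEN_STYLE.search(style):
            reasons.append("hidden-by-style")
        if TINY_STYLE.search(style):
            reasons.append("tiny-by-style")
        if any(TINY_ATTR.match(a[k]) for k in ("width", "height") if k in a):
            reasons.append("tiny-by-attribute")
        if reasons:
            self.findings.append((a.get("src", ""), reasons))

def find_hidden_iframes(html):
    auditor = IframeAuditor()
    auditor.feed(html)
    return auditor.findings

def scan_tree(root):
    """Walk a project or unpacked app directory and audit every HTML file."""
    hits = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith((".html", ".htm")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = find_hidden_iframes(fh.read())
                if found:
                    hits[path] = found
    return hits

# Constructed sample, not taken from the affected apps.
SAMPLE = """<html><body><h1>Recipes</h1>
<iframe src="https://www.youtube.com/embed/VIDEO_ID" width="560" height="315"></iframe>
<iframe src="http://malicious.example/x" style="display:none" width="1" height="1"></iframe>
</body></html>"""
```

Calling `scan_tree()` on a project directory returns a mapping of file path to flagged iframes; the visible YouTube embed in the sample is not reported, while the concealed one is.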