More than 100 Play Store apps tried to infect Android devices with Windows malware


In a curious case uncovered by security research firm Palo Alto Networks, 132 apps published on Google's Play Store were found to contain malware designed for Windows PCs. The apps, which were published by a total of seven developers and some of which had more than 10,000 downloads, all shared the common symptom of concealed iframe tags in their HTML code.

The iframes, which are most commonly used for embedding external elements, such as a YouTube video, in a webpage, tried loading elements from two well-known malicious Poland-based domains. What's even more curious is the fact that both of those domains were seized by Polish authorities all the way back in 2013. All of that led the researchers to the conclusion that the apps' developers had no bad intentions, but were most likely the victims of a hack themselves.

This was further corroborated by the fact that all seven of the developers were located in or near Indonesia, and many of the apps' names included the country's name, too. The hypothesis presented by the researchers is that the devs were infected from a common source with a malware that scans their hard disk for HTML files and injects them with malicious iframes. Thus, when uploading their apps to the Play Store, the included files were also infected.

Even if the malware included in the apps was Windows-specific and the domains it was supposed to be downloaded from were disabled a long time ago, this discovery is still somewhat problematic. Concealed iframes have been a well-known attack method for many years, and yet, Google's app screening process did nothing to flag these apps as potentially malicious. The Play Store has been known to contain malware in the past, too, leading to the question of whether current security procedures are enough, and whether Google even cares at all, seeing as it also systematically promotes useless adware on its storefront.

FEATURED VIDEO

11 Comments

1. ibend

Posts: 6747; Member since: Sep 30, 2014

list of those apps? any potential damage it may cause? nothing?

2. Finalflash

Posts: 4063; Member since: Jul 23, 2013

Practically a rounding error if only "more" than 100 from the thousands of apps in the Play store. So damage and whatnot isn't exactly something that will be significant.

10. marorun

Posts: 5029; Member since: Mar 30, 2015

Another useless news. use bitdefenfer anti virus on all android phone. Case closed. 7 years using android not a single malware infected me. 6 years working at Telus not a single client with infected device. As usual fear tactics versus android as seen in all media lol.

11. mikehunta727 unregistered

https://www.extremetech.com/computing/104827-android-antivirus-apps-are-useless-heres-what-to-do-instead Anti viruses on Android are useless and just slow your phone down and use more battery. Talk about a major false sense of security... do you tell all your customers this advice..? I feel for them. Just tell them to get a Pixel

3. Tabby_Tiger

Posts: 305; Member since: Jan 23, 2017

Is it still malware if it can no longer compromise/damage the target device it manage to infect?

7. trojan_horse

Posts: 5868; Member since: May 06, 2016

I do not this so. ^ It managed to infect the Android aps, but it being a malware for the Microsoft Windows OS, it'll be pretty much harmless in Android... I think.

4. Unordinary unregistered

great,,, #expected

5. liberalsnowflake

Posts: 273; Member since: Feb 24, 2017

Every malware developers makes money with android unlike the android oem who bleeds each and every penny.

6. HillaryClinton2020

Posts: 191; Member since: Feb 08, 2017

Because malware and Android fanboys are one of a kind, they meant to be together. Both of them spread hate and negative stuff.

8. SleeperOne

Posts: 370; Member since: Feb 25, 2017

Buzzfeed won't help you avoid taxes forever, TRANSylvania man.

9. RebelwithoutaClue unregistered

And once again you are full of prejudice and nonsense. One of the most negative people on this site seems to be quite often you

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.