- 132 apps were found infected with malware
- The security firm traced the infected apps to a common location
- Malware were downloaded from domains that have been disabled
Android has been known to suffer malware attacks from time to time. Just recently in December, it was reported that a malware called ‘Gooligan’ breached accounts of more than a million users. Now, a bizarre new type of malware has been detected in around 132 apps in Google Play that had the ability to affect Windows users, according to a security firm.
Palo Alto Networks discovered the malware-ridden apps and reported them to Google to have them removed from Google Play. The Internet security team in a blog post said that the apps, which were developed by several different people, managed to hide HTML-based iframe tags. The iframe tags, which are generally used to embed external elements in a webpage, like a YouTube video, was also loading elements from malicious domains. In one case, an app didn’t use iframe but Microsoft’s Visual Basic language to load malicious code into the app.
In the report, Palo Alto Networks traces the infected apps to a common geographical location even though the developers are unrelated. Most of the apps are said to originate from Indonesia, since the country’s name was attached to the names of the apps.
“One common way HTML files have been infected with malicious iframes has been through file infecting viruses like Ramnit. After infecting a Windows host, these viruses search the hard drive for HTML files and append iframes to each document. If a developer was infected with one of these viruses, their app’s HTML files could be infected,” the report notes.
The reports goes on to suggest that the malicious nature of the apps was not intentional and that the developers simply did not realise that their apps’ HTML files were infected when uploading their apps to Google Play. Furthermore, the purpose of the malware was to load interstitial ads and the main malicious applications, elaborates Ars Technica.
These Windows-specific malware were downloaded from domains that have long since been disabled. So while the apps themselves aren’t a threat on Android devices, it still raises concerns on Google’s app screening process, and why it failed to identify the infected apps.