Over 100 Android Apps on Google Play Found to Be Infected With Windows Malware

 

HIGHLIGHTS

  • 132 apps were found infected with malware
  • The security firm traced the infected apps to a common location
  • Malware were downloaded from domains that have been disabled

Android has been known to suffer malware attacks from time to time. Just recently in December, it was reported that a malware called ‘Gooligan’ breached accounts of more than a million users. Now, a bizarre new type of malware has been detected in around 132 apps in Google Play that had the ability to affect Windows users, according to a security firm.

Palo Alto Networks discovered the malware-ridden apps and reported them to Google to have them removed from Google Play. The Internet security team in a blog post said that the apps, which were developed by several different people, managed to hide HTML-based iframe tags. The iframe tags, which are generally used to embed external elements in a webpage, like a YouTube video, was also loading elements from malicious domains. In one case, an app didn’t use iframe but Microsoft’s Visual Basic language to load malicious code into the app.

In the report, Palo Alto Networks traces the infected apps to a common geographical location even though the developers are unrelated. Most of the apps are said to originate from Indonesia, since the country’s name was attached to the names of the apps.Over 100 Android Apps on Google Play Found to Be Infected With Windows Malware

“One common way HTML files have been infected with malicious iframes has been through file infecting viruses like Ramnit. After infecting a Windows host, these viruses search the hard drive for HTML files and append iframes to each document. If a developer was infected with one of these viruses, their app’s HTML files could be infected,” the report notes.

The reports goes on to suggest that the malicious nature of the apps was not intentional and that the developers simply did not realise that their apps’ HTML files were infected when uploading their apps to Google Play. Furthermore, the purpose of the malware was to load interstitial ads and the main malicious applications, elaborates Ars Technica.

These Windows-specific malware were downloaded from domains that have long since been disabled. So while the apps themselves aren’t a threat on Android devices, it still raises concerns on Google’s app screening process, and why it failed to identify the infected apps.

Apple found guilty of Russian price-fixing

 

Russia’s competition watchdog has found that Apple fixed the prices of certain iPhone models sold in the country.

The Federal Anti-Monopoly Service (Fas) said that Apple’s local subsidiary told 16 retailers to maintain the recommended prices of phones in the iPhone 5 and iPhone 6 families.

Non-compliance with the pricing guidelines may have led to the termination of contracts, it found.

Apple has not yet responded to a request for comment.

At the time of the investigation, Apple denied that it controlled its products’ pricing, telling Reuters that resellers “set their own prices for the Apple products they sell in Russia and around the world”.

The regulator said Apple had now ended its price-fixing practices but has not said whether the company faces a fine.

The FAS claimed that Apple Rus monitored the retail prices for the iPhone 5c, 5s, 6, 6 Plus, 6s and 6s Plus.iphone 6s Plus out of box

“In the case of the establishment of ‘inappropriate’ prices, the Russian subsidiary of Apple sent emails to resellers asking them to change,” the watchdog said.

The deputy head of the FAS, Andrey Tsarikovsky, added that “Apple actively co-operated” with the investigation and that the company had “adopted the necessary measures to eliminate violations of the law”.

That included training employees in the “anti-monopoly legislation norms” in Russia.

In May, the FAS found that Google used its dominant position to force its own apps and services on users and fined it £5m ($6m).

And, in November, the regulator opened an investigation into whether Microsoft abused its position in the security market with Windows 10, following a complaint from Moscow-based anti-virus firm Kaspersky.

 

Apple has finally found someone to support HomeKit

 

It’s been a year since Apple officially launched its internet-of-things smart-home service – an event that we noted at the time was somewhat undermined by the fact that there were virtually no products that worked with it.

Twelve months later and two weeks out from its annual conference, Apple has finally snagged its first big customer. What’s more, Belkin says that its compatibility with Apple’s HomeKit standard won’t just extend to a single product, but to every Wemo device it has produced – every smart plug, switch, light and camera.

There’s only one downside: you will have to buy a specific HomeKit bridge to make it work.

“Wemo is offering this bridge to address the overwhelming request from customers to make currently installed Wemo products work with HomeKit and other HomeKit compatible products,” said Belkin’s CTO Brian Van Harlingen cheerfully, adding: “We’re proud to work with Apple to bring together two of the most influential Smart Home platforms.”

This is quite a shift from exactly a year ago when Belkin decided it wasn’t going to bother with Apple’s tightly controlled ecosystem.

“We hear you, Wemo fans. Trust us, we do. We know you really want HomeKit compatibility for your Wemo devices and we are sorry that we’ve kept you hanging for so long,” it opined in a blog post in March 2016. “But the short answer is that Wemo will not work with HomeKit in the immediate future. Before you get mad and stop reading, please hear us out…”Happy business people celebrate. Photo by Shutterstock

But why?

And the reason behind the decision was the same as pretty much every other manufacturer of smart home products: Apple’s insistence that its own special chip be added to all products to make them work.

“Right now the only way to make Wemo work with HomeKit is to build a completely separate line of products and we don’t think that makes sense for the overall Wemo ecosystem,” the company explained.

“HomeKit integration requires a specific hardware component and cannot be accomplished with a software or firmware update to existing devices. Though we have tried to find a workaround solution, thus far nothing has fallen within Apple’s HomeKit guidelines.”

The decision by Apple back in 2015 to require people to use special hardware to work with its system has been a disaster for the company.

It had to scrap its plans to launch HomeKit with a new “Home” app for the iPhone at its annual Worldwide Developers Conference (WWDC) that year, despite having teed it up the year before.

It took another year for the app to appear, and even then it was a half-hearted effort, with senior VP of software engineering Craig Federighi doing his best to sound excited.

What we found most notable was the fact that half of the customers listed on the slide Federighi shared with WWDC attendees two years earlier were no longer featured.

Arrogant

The reality is that Apple’s arrogance has caused it – not for the first time – to overplay its hand. It changed course on its smart home plans when they decided it needed to build security into the product and, being Apple, that it had to be in control of that.

Apple’s logic was that smart homes would rely on smart phones, and as the maker of the iPhone it was in a position to effectively dictate the market. All it would need to do is create an easy-to-use app and everyone would jump on board.

Except they didn’t. And the smart home market has slowly grown with only a few companies bothering to include HomeKit in their plans. “HomeKit collides with the rest of the industry,” the CEO of WigWag, Ed Hemphill, told us when we asked around about the dearth of HomeKit products back in October. “Their approach is just onerous and unnecessary.”

But Apple is not out of the running just yet. The slow acceptance of smart home products by consumers, combined with continuing security concerns over smart home and internet-of-things devices, means that the market has not moved as swiftly as many expected.

However, with industry and governments now getting serious about new IoT security standards, and with devices like Amazon’s Alexa and Google’s Home adding voice control and activation into homes, that window of opportunity is closing.

This year’s WWDC will be on June 8 and if Apple doesn’t announce something that moves it forward drastically when it comes to the smart home, by the time June 2018 comes around it may well have lost its chance to grab a decent chunk of the market.

Behold the bridge: Wemo changes its tune, but there’s no escaping the clunkiness of the solution

Rule change?

Last year, Wemo said that “no current Wemo device will ever be able to work with HomeKit unless Apple changes its rules.” We asked Belkin if that meant Apple has relaxed its rules to make the new bridge viable; Belkin told us no.

“The rules haven’t changed – we decided to go with a bridge approach so that would go onboard all current Wemo users. We had lots of customers asking for support,” a spokesperson told us.

It’s possible that Belkin felt that demand was sufficiently large from Apple users for there to be a market for the bridge (it will be out this fall for an undisclosed sum), but just as likely is that it has received early notice of Apple’s plans and decided that something was better than nothing.

But the reality is that a bridge is a terrible compromise. It will need to be plugged into your router and presumably also into an electrical socket. Control commands will then have to pass through it to your various Wemo products. It is inelegant to say the least and a step back for an industry that realized a long time ago that adding a new bridge every time you install a new smart home device from a different manufacturer was never going to scale.

The future is undoubtedly in using standards and protocols that allow products to work and communicate together without having to pass through proprietary interfaces. So while Belkin’s decision to support HomeKit is a sign that Apple is not yet a smart-home lost cause, it does highlight the fundamental stumbling block that continues to exist with Apple’s product.

Unless Apple plans to bring out its own line of smart home products, it’s hard to see how it is going to persuade everyone else to play ball.