Over 100 Android Apps on Google Play Found to Be Infected With Windows Malware


HIGHLIGHTS

  • 132 apps were found to carry the malicious code
  • The security firm traced the infected apps to a common location
  • The malware was served from domains that have since been disabled

Android has been known to suffer malware attacks from time to time. Just recently, in December, it was reported that a malware called ‘Gooligan’ had breached the accounts of more than a million users. Now an unusual new case has surfaced: around 132 apps on Google Play were found to carry code that could only affect Windows users, according to a security firm.

Palo Alto Networks discovered the malware-ridden apps and reported them to Google, which removed them from Google Play. In a blog post, the firm's researchers said that the apps, written by several unrelated developers, contained hidden HTML iframe tags. An iframe is normally used to embed external content in a web page, such as a YouTube video; in these apps the hidden frames loaded content from known malicious domains instead. In one case, the app did not use an iframe at all but carried a Microsoft Visual Basic script that attempted to load the malicious code.

In its report, Palo Alto Networks traces the infected apps to a common geographical location even though the developers are unrelated. Most of the apps appear to originate from Indonesia, since the country's name is attached to the names of the apps.

“One common way HTML files have been infected with malicious iframes has been through file infecting viruses like Ramnit. After infecting a Windows host, these viruses search the hard drive for HTML files and append iframes to each document. If a developer was infected with one of these viruses, their app’s HTML files could be infected,” the report notes.

The report goes on to suggest that the malicious content was not intentional: the developers simply did not realise that their apps' HTML files had been infected when they uploaded them to Google Play. According to Ars Technica, the purpose of the injected code was to load interstitial ads and, through them, the main malicious payloads.
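The practical check that follows from this is a scan of an app's bundled HTML for the two artefacts described above: an appended, hidden iframe pointing at an unexpected host, and a VBScript block. The script below is an added example, not Palo Alto Networks' tooling; the two HTML documents and the hostnames in them are constructed for the demo, and the allow-list of embed hosts is an assumption a real project would replace with its own.

```python
"""Scan HTML files for the injected-iframe / VBScript pattern described above.

Added example, not Palo Alto Networks' tooling. The sample pages and the
domain names in them are constructed for the demo; ALLOWED_EMBED_HOSTS is
an assumption a real project would replace with its own list.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts a legitimate app might embed on purpose (assumption for the demo).
ALLOWED_EMBED_HOSTS = {"www.youtube.com", "youtube.com"}


def _is_hidden(attrs):
    """A 1x1 / zero-size or display:none frame is not a real embed."""
    style = attrs.get("style", "").replace(" ", "").lower()
    tiny = attrs.get("width", "").strip() in {"0", "1"} or \
           attrs.get("height", "").strip() in {"0", "1"}
    return tiny or "display:none" in style or "visibility:hidden" in style


class InjectedContentScanner(HTMLParser):
    """Collects (finding, detail) tuples while the parser walks the document."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "") for name, value in attrs}
        if tag == "iframe":
            src = a.get("src", "")
            host = (urlparse(src).hostname or "").lower()
            if host and host not in ALLOWED_EMBED_HOSTS:
                self.findings.append(("iframe-external-host", src))
            if _is_hidden(a):
                self.findings.append(("iframe-hidden", src))
        elif tag == "script":
            # VBScript only executes in Internet Explorer on Windows; an
            # Android WebView ignores it, which is why these apps could not
            # harm phones even though the HTML was infected.
            lang = (a.get("language", "") + " " + a.get("type", "")).lower()
            if "vbscript" in lang:
                self.findings.append(("vbscript-block", ""))


def scan_html(text):
    """Return the findings for one HTML document (empty list = clean)."""
    scanner = InjectedContentScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.findings


# Constructed samples: a clean page, and the same page with a Ramnit-style
# iframe appended after </html> plus a VBScript block. Hostnames are fictitious.
CLEAN_PAGE = """<html><body>
<iframe width="560" height="315" src="https://www.youtube.com/embed/abc"></iframe>
</body></html>"""

INFECTED_PAGE = CLEAN_PAGE + """
<iframe src="http://ads.example.invalid/x.html" width="1" height="1"
        style="visibility: hidden"></iframe>
<script language="VBScript">
' would try to drop a Windows executable; inert outside Internet Explorer
</script>"""

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("infected", INFECTED_PAGE)):
        print(name, scan_html(page))
```

Run it over every `.html` file under an APK's `assets/` directory (after `unzip`) before a release build; anything appended after the closing `</html>` tag, or any frame that is both hidden and pointed at a host you did not choose, deserves a look at the developer's workstation as much as at the app.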

The Windows-specific malware was served from domains that have long since been taken down. So while the apps themselves are not a threat on Android devices (an Android WebView does not execute VBScript, and a Windows executable cannot run there in any case), the episode still raises questions about Google's app screening process and why it failed to flag the infected HTML.

Google Play Hit by More Ztorg-Based Android Malware, Says Kaspersky Labs


HIGHLIGHTS

  • Google has removed the Magic Browser and Noise Detector apps
  • These apps belonged to the Ztorg Trojan family of Android malware
  • A Kaspersky researcher spotted the apps and their attack path

In a bid to tighten security on Android, Google has reportedly removed more malicious apps from Google Play, the second such removal this month. The two apps, Magic Browser and Noise Detector, carried malware from the Ztorg Trojan family, which is notorious for slipping past Google's safety checks and ‘rooting’ infected devices so that attackers can control them remotely. Google acted after a researcher from Kaspersky Lab described the threat in a report.

In a report published on Kaspersky Lab's Securelist website, senior researcher Roman Unuchek presents an extensive analysis of the new Ztorg-based malware. Kaspersky Lab says Ztorg malware has bypassed Google's malware checks almost 100 times since September last year, and the family is best known for gaining ‘root’ privileges on infected devices in order to control them completely. Ztorg apps such as Privacy Lock and a fake Pokemon Go guide racked up huge download numbers before they were recognised as malicious and deleted from Google Play.

Of the current batch, the first, Magic Browser, posed as an alternative to Chrome on Google Play. It was published on May 15 and had been downloaded over 50,000 times before it was finally removed. The other, Noise Detector, claimed to measure the decibel level of sounds and had more than 10,000 downloads before its removal. Both apps belonged to the Ztorg Trojan family but, unlike earlier samples, had not rooted affected devices by the time they were pulled. Unuchek says the apps carry the Ztorg digital fingerprint and speculates that the developers might have added rooting capability in a later update had the apps stayed online.

Unuchek says the Magic Browser app was being used by its developers to test, or to operate, malicious text-messaging functions. The app could send SMS to premium-rate numbers from infected phones and cover its tracks by deleting the incoming replies and muting the notification sound. “In total, the Magic browser app tries to send SMS from 11 different places in its code. Cybercriminals are doing this in order to be able to send SMS from different Android versions and devices. Furthermore, I was able to find another modification of the Trojan-SMS.AndroidOS.Ztorg that is trying to send an SMS via the ‘am’ command, although this approach should not work,” reads Unuchek's report.
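A quick static check a reviewer can run over an APK's decoded manifest, added here as an example rather than taken from the Kaspersky report: it flags the permission and broadcast-receiver combination a Trojan-SMS app needs to message premium numbers and hide the replies. A browser or a decibel meter has no business declaring any of this. The two manifests below are constructed for the demo (package and class names are made up), and the priority threshold is an assumption.

```python
"""Static triage of an AndroidManifest.xml for Trojan-SMS traits.

Added example, not Kaspersky Lab's tooling. The sample manifests are
constructed (package and class names are made up); the priority threshold
is an assumption.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
SEND_SMS = "android.permission.SEND_SMS"
RECEIVE_SMS = "android.permission.RECEIVE_SMS"


def _attr(elem, name):
    """Read an android:-namespaced attribute, '' if absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name), "")


def triage_manifest(manifest_xml):
    """Return (finding, detail) tuples; an empty list means no SMS traits."""
    root = ET.fromstring(manifest_xml)
    perms = {_attr(p, "name") for p in root.iter("uses-permission")}
    findings = []
    if SEND_SMS in perms:
        findings.append(("send-sms",
                         "can send SMS in the background once granted"))
    if SEND_SMS in perms and RECEIVE_SMS in perms:
        findings.append(("send-and-receive-sms",
                         "can message a premium number and read the reply"))
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            actions = {_attr(act, "name") for act in flt.iter("action")}
            if SMS_RECEIVED not in actions:
                continue
            prio = int(_attr(flt, "priority") or "0")
            findings.append(("sms-receiver",
                             "%s priority=%d" % (_attr(receiver, "name"), prio)))
            # Trojan-SMS families register a very high priority so their
            # receiver runs first and can call abortBroadcast() to hide the
            # message from the SMS app (effective on Android before 4.4).
            if prio >= 999:
                findings.append(("high-priority-sms-receiver",
                                 _attr(receiver, "name")))
    return findings


# Constructed manifest of a "browser" that wants SMS powers it cannot need.
SUSPICIOUS_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.magicbrowser">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="Magic Browser">
    <receiver android:name=".SmsCatcher">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed manifest of a plain browser for comparison.
BENIGN_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.plainbrowser">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Plain Browser">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("suspicious", SUSPICIOUS_MANIFEST),
                      ("benign", BENIGN_MANIFEST)):
        print(name, triage_manifest(xml))
```

Decode the manifest first (`apktool d app.apk` yields a readable `AndroidManifest.xml`; the one inside the APK is binary XML). The check is a triage heuristic, not a verdict: a messaging app legitimately needs these permissions, and code that reaches `SmsManager.sendTextMessage()` from many call sites, as Unuchek describes, only shows up in the dex, not the manifest.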


Apple Malware Appears to Be Skyrocketing


If you’re a Mac user, you might want to watch for an increase in unwanted advertisements popping up in your web browser.

Security firm McAfee released a report this week showing a big jump in 2016 in malware targeting the Mac operating system. According to the report, 460,000 malware instances affecting macOS were recorded in the fourth quarter of 2016, a jump of over 700% compared with the same quarter of the previous year.

McAfee’s report echoes research by other cybersecurity firms in recent years showing a rising prevalence of malware affecting Apple computers. The dynamic is straightforward: as more people buy Macs, the platform becomes a bigger target.


But while a surge of over 700% may sound frightening, it should be noted that “the big increase in Mac OS malware was due to adware bundling,” the report's authors wrote. Adware is software that injects or displays online advertisements while the user browses the web.

Adware, while annoying and intrusive, is considered by security researchers to be relatively harmless compared with malware that gives criminals control of a machine or access to its data.

One way to avoid installing adware by accident is to download apps only from Apple’s approved online store rather than from less reliable sources; the bundling McAfee describes typically happens in third-party installers from download portals, not in App Store packages.

In January, cybersecurity firm Malwarebytes said that it discovered a new type of malware that could freeze Apple computers.