132 android apps on play store infected by Windows Malware
Despite the fact that the Google’s Android is the most extensively used smartphone operating system globally. It is being for its several vulnerabilities which is leading to breach the privacy of users. One of the most latest case was the ‘Gooligan’ malware that reportedly affected over 1 million Google accounts. Earlier than this malware attack, there has been a malware called Humming Bird, which affected millions of Android devices. Now, researchers have determined another exciting windows-based malware that has affected more than 132 apps on Google Play store.
The security company Palo Alto Networks has determined about this windows malware. These apps were infected with tiny hidden IFrames. To make things easier, an IFrame in a HTML document is embedded inside another HTML document on a website. In a blog post, the security company explains about the discovery of this windows malware. After a thorough research, it is said that the developer of these apps aren’t to be blamed for this windows malware. In fact, the company argues that during the development of those apps, the development platforms might have been infected with this malware that injects malicious content to HTML pages. IFrames is used for inserting content material from another source, which includes advertisements into a website.
You don’t have to fear about it now , as this incident is to Google security group and all the infected Android apps is from the Google Play store. The infected Android apps is about mastering how to make crochet blankets, home interior designing, DIY phone instances, knitting pattern cases, and more. Those apps had mostly to with studying and information. The usage of Android WebView to show static HTML pages were common in all apps.
After analyzing the web pages by the security company, it was found that the actual HTML code discovered a tiny hidden IFrames which was linked to malicious domain names. The research has also determined that most of the infected apps are from a common geographical area. But the developers have been unrelated. Majority of the apps origin is found to be Indonesia because the country’s name was seen with apps.
If the developers of these apps were the attackers, then they could have changed them with working domain names. But it hasn’t been done. One infected sample app tries to download the windows executable file. It also suggests that the attacker might not know about the target platform. One of the infected app has attempted to download and install a malicious windows.exe file. However since the platform is Android, the windows malware was unable to execute. Even though the infected apps will no longer affect the Android devices, it shouldn’t be taken lightly. Since it indicates how other platforms can be a carrier for a malware too.
The blog post also elaborates that attackers can “easily replace the current malicious domains with advertising URLs to generate revenue. This not only steals revenue from app developers, but can also harm the developers’ reputation”.