Security News Google just removed over 100 apps infected with Windows malware

cruelsister

In brief: We know from experience that malware-loaded apps sometimes sneak their way onto the Play store, but the 145 infected applications Google just removed were a bit different: they contained malware designed to infect Windows machines.

Cybersecurity company Palo Alto Networks informed Google of the apps, which contained malicious Microsoft Windows executable files. They were released between October 2017 and November 2017, so they were available to consumers for months before being removed. Some of them had been downloaded over 1000 times and boasted 4-star reviews.

What’s unusual about these particular apps is that they posed no threat to Android users, even though they were made for Google’s mobile platform. But anyone who unpacked the apps on a Windows machine and ran any of the .exe files put themselves at risk.
It’s suspected that the malware made its way onto the apps through the developers creating them on “compromised Windows systems.” Not all of the software from the same developer contained malicious files, leading to speculation that different computers were used to create different apps.

“Some of the infected apps include “Learn to Draw Clothing”, an app teaching people how to draw and design clothing; “Modification Trail”, an app showing images of trail bike modification ideas; “Gymnastics Training Tutorial”, an app letting people find healthy ideas for gymnastic moves,” explains the firm.
One file found on virtually all of the infected apps was a Windows keylogger, which could be used to steal sensitive information such as passwords and credit card numbers. Other malicious activities included creating executable and hidden files in Windows folders, changing the registry, and connecting to a specific IP address.

While most users won’t have been affected by the apps, the number of downloads they received means at least some people could have unpacked them in Windows. Check out the full list of programs here.


Cruel Comment- Google spends quite a bit on Project Zero to find flaws in products. One would think that they should first clean their own house and not need help from Palo Alto.
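A check for the condition the article describes, Windows executables packaged inside an APK, written as an added example that is not part of the original post or of the Palo Alto Networks report. It identifies PE files by content rather than by extension; the function names and the in-memory sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

def is_pe(fh) -> bool:
    """Check a file object for an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    head = fh.read(0x40)
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
    if e_lfanew > 1 << 20:          # implausible offset: treat as not PE
        return False
    buf = head + fh.read(max(0, e_lfanew + 4 - len(head)))
    return buf[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def find_embedded_pe(apk) -> list:
    """Return names of archive entries that are Windows PE files, by content."""
    hits = []
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                if is_pe(fh):
                    hits.append(info.filename)
    return sorted(hits)

def build_sample_apk() -> io.BytesIO:
    """Constructed, harmless sample: header bytes only, no real code."""
    pe_stub = (b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x80)
               + b"\x00" * 0x40 + b"PE\x00\x00")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")
        zf.writestr("classes.dex", b"dex\n035\x00")
        zf.writestr("assets/setup.exe", pe_stub)
        zf.writestr("res/raw/help.html", pe_stub)   # PE behind a misleading name
        zf.writestr("assets/notes.txt", b"MZ is just text here" + b" " * 64)
    return io.BytesIO(buf.getvalue())

if __name__ == "__main__":
    for name in find_embedded_pe(build_sample_apk()):
        print("embedded Windows executable:", name)
```

`find_embedded_pe` also accepts a path to an APK on disk, so it can run as a pre-release check on build output.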
 
Local Host

Google spends quite a bit on Project Zero to find flaws in products. One would think that they should first clean their own house and not need help from Palo Alto.
They're more busy bashing others (Microsoft) than worrying about their own turf.

Will apps like these (removed from Google Play) also be removed from people's phones if they have them installed?
I don't think so, normally when an APP is removed from the Play Store it doesn't remove it from your phone (if you have it installed already).

Then again this is not a simple APP, but malware, so I can't say for sure.
 

cruelsister

The funniest thing about this press release was that they tried to justify things:

1). "It won't affect Android"- like this makes everything OK
2). The apps must have been coded on infected systems- this yields the biggest laughter- it has been known for YEARS that a previously fine app can be bought Lock, Stock, and Credential by Bad People (aka Blackhats) who then re-code the app to include credential stealers like keyloggers. But instead of shining a light on this as well as Google's own Vetting ineptitude they would rather blame Poor Innocent App Builders coding stuff on nasty infected Windows systems.

Don't you hate it when Corporations think you are stupid?
 

upnorth

Will apps like these (removed from Google Play) also be removed from people's phones if they have them installed?
Android devices come with built-in software called Play Protect, which regularly checks to make sure all apps are behaving on your device. If a harmful app is detected, Play Protect will display an alert, or block the app entirely.

Security Center - Overview

It would be nice to know/see how it actually deals with malicious apps, as in Google's official presentations it's normally always "No problems found". I get tons more information watching videos from @Aerdian

I was able to find some images.
[Images: k3WCQWf5_o.jpg, DlxVuSTK_o.jpg]
 

Gandalf_The_Grey

So hopefully Play Protect also deletes or at least warns about those apps on people's phones.
They never mention this in articles about removing malicious apps from the store.
 
ForgottenSeer 72227

While I'm not a programmer and don't know all the ins and outs of getting an app on the store, it seems like Apple's reputation of being a pain to get apps approved for the store is far better than the wild west of the play store IMO.
 
