- Apr 21, 2016
- 4,370
For some reason or another, 132 Android apps found in the official Google Play marketplace are attempting to infect users with Windows malware.
This is a rather head-scratching moment, because the two don't really mix. Made by seven different developers, the apps contain tiny hidden IFrames that link to malicious domains in their local HTML pages.
According to researchers from security firm Palo Alto Networks, it seems that the developers are actually innocent in this case, or, at the very least, can't be blamed. They believe that it is most likely that the app's developers' developmental platforms were infected with malware that searches for HTML pages and injects malicious content at the end of the HTML pages it finds.
"If this is this case, this is another situation where mobile malware originated from infected development platforms without developers' awareness," they write.
The findings were reported to Google and the 132 apps have since been removed from Google Play. The app list included design ideas for sweets, gardening and coffee tables and it seems that the most popular one had some 10,000 downloads.
All the apps have one thing in common - they employ Android WebView to display static HTML pages. While it seems that these pages don't do anything more than load locally stored pictures, a deeper look at the code reveals a hidden IFrame linking to malicious domains.
One of the infected pages also attempts to download and install a malicious Microsoft Windows executable file, but since we're talking about an Android device, the file won't actually execute.
Read more: Over 130 Google Play Apps Tried to Infect Users with Windows Malware
This is a rather head-scratching moment, because the two don't really mix. Made by seven different developers, the apps contain tiny hidden IFrames that link to malicious domains in their local HTML pages.
According to researchers from security firm Palo Alto Networks, it seems that the developers are actually innocent in this case, or, at the very least, can't be blamed. They believe that it is most likely that the app's developers' developmental platforms were infected with malware that searches for HTML pages and injects malicious content at the end of the HTML pages it finds.
"If this is this case, this is another situation where mobile malware originated from infected development platforms without developers' awareness," they write.
The findings were reported to Google and the 132 apps have since been removed from Google Play. The app list included design ideas for sweets, gardening and coffee tables and it seems that the most popular one had some 10,000 downloads.
All the apps have one thing in common - they employ Android WebView to display static HTML pages. While it seems that these pages don't do anything more than load locally stored pictures, a deeper look at the code reveals a hidden IFrame linking to malicious domains.
One of the infected pages also attempts to download and install a malicious Microsoft Windows executable file, but since we're talking about an Android device, the file won't actually execute.
Read more: Over 130 Google Play Apps Tried to Infect Users with Windows Malware
