Google Pulls Malware-Tainted Android Apps

Wednesday, August 1, 2018 @ 09:08 AM gHale

Google pulled Google Play applications after discovering they had malware hidden inside, researchers said.

Most of the 145 applications, which carried malicious Windows executables, were placed on the app store between October and November 2017 and remained there for over half a year, said researchers at Palo Alto Networks.


After receiving the alert, Google quickly removed them all.

The malicious code within these Android PacKages (APKs) is proof of the dangers posed by supply chain attacks: Software developers built these applications on compromised Windows systems.

“The infected APK files do not pose any threat to Android devices, as these embedded Windows executable binaries can only run on Windows systems: They are inert and ineffective on the Android platform,” Palo Alto Networks’ researchers Yue Chen, Wenjun Hu, Xiao Zhang and Zhi Xu said in a post. “The fact that these APK files are infected indicates that the developers are creating the software on compromised Windows systems that are infected with malware.”

Some of the infected Android applications had over 1000 downloads and 4-star ratings before being removed from Google Play.

Researchers found some of the infected APKs contained multiple malicious PE files at different locations, with different names. However, two malicious files ended up embedded in most applications.

One of the files was present in 142 APKs, while the second had infected 21 APKs. Researchers also found 15 apps with PE files inside, as well as some APKs with other malicious PE files inside.

The researchers also note that one malicious PE file that infected most of the Android apps was a keylogger. The malicious program attempted to log keystrokes, including sensitive information like credit card numbers, social security numbers and passwords.
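A build-side check for the condition the researchers describe, Windows PE files sitting inside an APK, is sketched here as an added example; it is not code from the article or from Palo Alto Networks. The entry names and the in-memory sample archive are constructed, and the stubs in it are header-only and inert.

```python
import io
import struct
import zipfile

WINDOW = 1 << 20  # bytes inspected per entry; an e_lfanew past this is not followed


def looks_like_pe(data: bytes) -> bool:
    """DOS 'MZ' magic at offset 0 and 'PE\\0\\0' at the offset stored in e_lfanew (0x3C)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def find_embedded_pe(apk):
    """Return the names of entries in an APK (a ZIP archive) that parse as PE files."""
    hits = []
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                if looks_like_pe(fh.read(WINDOW)):
                    hits.append(info.filename)
    return sorted(hits)


def build_sample_apk():
    """Constructed sample: an in-memory ZIP with hypothetical entry names, not a real app."""
    # Header-only stub: 'MZ', e_lfanew = 0x80 at offset 0x3C, 'PE\0\0' at 0x80.
    pe_stub = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x80) + bytes(0x40) + b"PE\0\0" + bytes(20)
    mz_only = b"MZ" + bytes(0x4E)  # starts with 'MZ' but has no PE signature
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\0" + bytes(32))
        zf.writestr("assets/notes.bin", mz_only)
        zf.writestr("res/raw/helper.bin", pe_stub)      # same stub, two locations,
        zf.writestr("lib/armeabi/update.dat", pe_stub)  # two different names
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name in find_embedded_pe(build_sample_apk()):
        print("embedded PE:", name)
```

Run against a release APK before upload, any hit means a Windows executable was packaged into the app and the build machine should be examined.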


