Posted on August 7, 2018 at 11:29 AM
One of the largest network security companies in the nation, Palo Alto Networks, has confirmed that more than 140 downloadable apps on the Play Store powered by Google were infected with malign Microsoft Windows PE files. Quite a few of those infected apps were shown to have thousands of downloads and are rated with 4 Stars.
The Good News
The viruses are meant for systems running Windows, which means your Android is most likely not infected. Unfortunately, if you’ve connected your Android device to a Windows PC and downloaded the source code to execute the portable executable file within, then you could almost bet that your device is infected.
A Palo Alto Networks researched blogged:
These embedded Windows executable binaries can only run on Windows systems: they are inert and ineffective on the Android Platform. The fact that these APK files are infected indicates that the developers are creating the software on compromised Windows systems that are infected with malware.
As Palo Alto Networks stated above, the simple fact that Google Play Store allowed apps that contained malicious malware is no good. Software developer “Odieapps” doesn’t seem to be monitoring the security side of apps, which is also something to be concerned about.
Statements have been made by researchers that these types of bugs have the potential to threaten the software stock chain as a whole. They claim that the infections open the door for larger-scale attacks to be made, referencing the NotPetya and KeRanger malware as examples.
The Apps and Their Bugs
Though it is true the apps were shown to contain several different types of bugs designated for Windows systems, almost all of them contained the Windows keylogger infection. The malware bugs were loaded as PE files Though the malware bugs had been created by different developers, a certain PE file had been found hidden within the source code of all but 3 of the 145 infected apps.
According to researchers, the only reason the malware and keylogger were ever able to infiltrate the apps was that the application developers had unknowingly developed the apps on an already infected OS (Operating System).
Here are a few of the apps that were infected:
- Baby Room
- Yoga Meditation
- Unique Graffiti
- Papa Flower
The infected Play Store applications were uploaded in 2017 during the months of October and November, a one-month time frame. The apps were available to be downloaded for as long as 6 months before any red flags were raised. Google immediately pulled the apps from the Play Store once Palo Alto Networks released their findings.