In a rather puzzling discovery, researchers have found that 132 Android applications on the Google Play Store have been trying to infect users with Windows malware when downloaded.
This raises quite a few eyebrows, as Play Store apps and Windows generally have little to do with one another. The infected apps, created by seven developers, contain tiny concealed IFrames, which link Android users to their local HTML pages. These pages, in turn, contain malicious domains and end up infecting the device.
The issue was brought to light by researchers at Palo Alto Networks, who revealed that the most popular of the malicious apps was downloaded 10,000 times.
How Does The Malware Work?
Developers seem to be the only victims of this ploy, and researchers have concluded that all the developers are located in Indonesia. The researchers said that one easy way the files could have been infected with the harmful IFrames was through viruses such as Ramnit.
Once these viruses invade a Windows platform, they scour the hard drive for HTML files and insert malicious IFrames into each file.
If a developer's machine is infected in this way, the apps they develop can also get infected. Since all the developers were from Indonesia, it is quite possible that they downloaded an infected environment from the same local host website. A common infected app development platform could also be another reason.
The effect is not permanent, thankfully. Android users do not have much to fear, as the infected applications and malware do not cause much harm to the interface or software.
Who Is To Blame?
The app developers are not at fault in this case, claims Palo Alto Networks. The researchers believe that the developers' platforms originally contained malware which searches for HTML pages and inserts harmful content at the end of the pages it finds.
"If this is the case, this is another situation where mobile malware originated from infected development platforms without developers' awareness," the researchers noted.
Are The Apps Gone?
Google took immediate action on this security breach and removed the apps from its Play Store. The apps included ideas for gardening, décor, and cooking. One had approximately 10,000 downloads.
What all these applications had in common was that each of them displayed still images on static HTML pages in Android WebView, as a part of the attack. At first glance, these pages seemed harmless, but deeper analysis showed that they contained IFrames which linked users to malicious domains.
Another of these infected web pages also downloads a malicious Windows executable file, but since the Android platform cannot run Windows executables, the file does not actually execute.
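For developers who want to check the HTML pages bundled in their own apps before publishing, the following added example (not code from Palo Alto Networks or from this article) flags IFrames that load from an external host and are tiny, hidden, or placed after the closing </html> tag, which is where the article says the content gets inserted. The function names, the 2-pixel threshold and the sample page with its malicious.example domain are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TINY_PX = 2  # assumed threshold: frames this small are invisible to the user

# Constructed sample: a static gallery page with an IFrame appended after </html>.
SAMPLE = """<html><body>
<img src="garden1.jpg">
<iframe src="gallery.html" width="300" height="200"></iframe>
</body></html>
<iframe src="http://malicious.example/x" width="1" height="1" style="visibility: hidden"></iframe>
"""

def _px(value):
    """Return a width/height attribute such as '1' or '1px' as an int, else None."""
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "")
    return int(m.group(1)) if m else None

class IframeAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.after_html_close = False  # set once </html> has been seen
        self.findings = []             # (line, host, [reasons])

    def handle_endtag(self, tag):
        if tag == "html":
            self.after_html_close = True

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = urlparse(a.get("src", "")).hostname
        if not host:
            return  # relative/local frame: the page's own content
        reasons = []
        w, h = _px(a.get("width")), _px(a.get("height"))
        if (w is not None and w <= TINY_PX) or (h is not None and h <= TINY_PX):
            reasons.append("tiny")
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden-style")
        if self.after_html_close:
            reasons.append("after-</html>")
        if reasons:
            self.findings.append((self.getpos()[0], host, reasons))

def audit_html(text):
    """Return suspicious external IFrames found in one HTML document."""
    auditor = IframeAuditor()
    auditor.feed(text)
    return auditor.findings
```

Running `audit_html` over every HTML file in an app's assets before each release build gives a quick signal that the development machine, rather than the app's source, needs attention.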
Now that all the apps have been removed from the Play Store, Android users can breathe a sigh of relief.