Troubling news come from security professionals as an investigation of Google’s Play Store marketplace for mobile applications has resulted in the detection of 132 applications suffering from a Malware infection. The infection in question is a Windows malware found within an iframe from the HTML source code. The HTML pages were used in all detected applications that suffer from the infection.
The bulk of the infection would download at a later date once users installed the application and were exposed to the HTML pages. This would happen through a connection made by the iframe to remote servers. The affiliated servers were known by specialist as being involved in multiple other malicious incidents revolving around Microsoft’s Windows platform. At the time of the Play Store discovery, the servers is said to have been offline.
One app out of the 132 discovered ones that are infected is a special case. What this one has and the other 131 don’t is an additional script in the code that upon installation would attempt to drop a .exe onto the smartphone. The .exe extension pertains to Windows executables or applications. On Android devices this type of file is unable to run therefore no harm could be done. Specialists say that this .exe file would have been capable of changing Firewall settings, alter networks and multiply itself within the infected system.
What security experts have deducted from this is the fact that the developers of these apps haven’t infected them on purpose. Taking all the evidence into consideration, it would seem that the developers had gotten infected themselves and the apps picked up the malware in to process of being added to the Play Store. This was given away by things like the malware dropping a .exe file on Android, and the fact that many of the connected servers lead to what is referred to as sinkholes. These have been brought to light as long as 4 years ago, so we are likely looking at some sort of leftovers from a previous attack campaign against Windows systems.
Leave a Reply