Researchers have discovered Windows malware present in 132 Android apps, even though the malware has no effect on the Android platform. The study was carried out by security firm Palo Alto Networks, which says that the harmful code arrived in the form of “tiny hidden IFrames” (HTML documents embedded inside other HTML documents) that were linking out to well-known malicious domains from within the apps.
Though the 132 apps in question were developed by seven unrelated developers, Palo Alto says they all appear to originate from Indonesia. The security team also claims that the developers themselves were likely completely unaware of the malware’s existence.
“Our investigation indicates that the developers of these infected apps are not to blame, but are more likely victims themselves,” said the researchers. “We believe it is most likely that the app developers’ development platforms were infected with malware that searches for HTML pages and injects malicious content at the end of the HTML pages it finds.”
The malware in this instance didn’t cause any damage; however, Palo Alto warns that this could lead to a troubling scenario in which platforms are used as carriers for malware that operates elsewhere. Palo Alto also noted that, with a few adjustments, attackers could use this type of malware to “Modify the app’s internal logic, i.e., adding rooting utility, declaring additional permissions, or dropping malicious APK file, to escalate their capabilities.”
The security firm says that it has reported its findings to Google’s Security Team and the infected apps have now been removed from the Google Play Store.
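A developer can check an app's bundled HTML pages for the pattern described above before publishing. The following is an added example, not Palo Alto's or Google's tooling: it flags iframes that are tiny, hidden by CSS, or placed after the closing `</html>` tag. The 1-pixel threshold, the function and class names, and the sample pages are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

MAX_TINY_PX = 1  # assumption: "tiny" means at most 1 pixel wide or high
HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
# width/height in a style attribute, ignoring max-width, min-height and percentages
CSS_SIZE = re.compile(r"(?<![-\w])(width|height)\s*:\s*(\d+)(?:px)?\s*(?=;|$)", re.I)

def _px(value):
    """Return an attribute such as '1' or '1px' as an int, else None."""
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value or "")
    return int(m.group(1)) if m else None

class HiddenIframeFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.html_closed = False  # becomes True once </html> has been seen
        self.findings = []

    def handle_endtag(self, tag):
        if tag == "html":
            self.html_closed = True

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "")
        sizes = [_px(a.get("width")), _px(a.get("height"))]
        sizes += [int(n) for _, n in CSS_SIZE.findall(style)]
        reasons = []
        if any(s is not None and s <= MAX_TINY_PX for s in sizes):
            reasons.append("tiny")
        if HIDDEN_CSS.search(style):
            reasons.append("css-hidden")
        if self.html_closed:
            reasons.append("after-</html>")  # content appended to a finished page
        if reasons:
            self.findings.append(
                {"line": self.getpos()[0], "src": a.get("src", ""), "reasons": reasons})

def scan_html(text):
    """Return one finding per suspicious iframe in the given HTML text."""
    finder = HiddenIframeFinder()
    finder.feed(text)
    finder.close()
    return finder.findings

# Constructed sample pages; the domain is a placeholder, not a real indicator.
SAMPLE_CLEAN = '<html><body><iframe src="help.html" width="320" height="240"></iframe></body></html>'
SAMPLE_INJECTED = ('<html><body><h1>About</h1></body></html>\n'
                   '<iframe src="http://malicious.example.invalid/" width="1" height="1" '
                   'style="visibility: hidden"></iframe>\n')
```

Running `scan_html` over every `.html` file in a project's asset directory as a pre-release step would surface pages that were modified outside the developer's own workflow.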
The implications might sound frightening, but Google’s system for finding malware seems to be operating pretty well so far, considering it has to account for billions of Android devices and millions of apps. That’s my take on the subject, but where do you stand on Google’s security efforts? Give me your thoughts in the comments.