145 Google Play apps found to be hiding Windows malware

Android owners know that the Google Play Store is still the safest source of Android apps. But despite Google's best efforts, sometimes rogue apps can still slip through its screening process.

As with almost every type of malware out there, not everything is what it seems. Take these newly discovered malicious Android apps, for example.

On the surface, they may look like ordinary, run-of-the-mill smartphone apps, but hidden within their core, they're a threat to another system altogether.

145 apps compromised

Google recently removed 145 apps from the official Google Play app store because they were discovered to be harboring Windows malware files.

According to security researchers from Palo Alto Networks, the majority of the infected apps were released on Google Play between October 2017 and November 2017.

This means that the apps had been available in Google Play for more than six months. At the point of their removal, some of the infected apps had more than 1,000 installs and even 4-star ratings!

Included in the list of infected apps were tutorial apps for drawing, clothing design, and tutorials for home improvement and various hobbies. (Keep reading for a list of all the infected apps.)

Meant for Windows PCs

The most interesting part about this whole affair is that Android gadgets are actually safe from these infected apps. Yep, if you've downloaded and installed any of these Android apps, your phone or tablet is actually immune from the embedded malware.

However, if you've transferred and unpacked the app to a Windows PC, then your machine is vulnerable to attacks.

How could this be? Palo Alto researchers said that this indicates that the apps were developed on infected Windows machines. This means that the developers may not even have known that malware was piggybacking on their apps.

The researchers also noted that not all the apps coming from the same developer are infected. This led them to believe that the developers used different computers for creating their apps.

Compromising developer computers is a growing concern among security firms.

"The development environment is a critical part of the software development life cycle. We should always try to secure it first. Otherwise, other security countermeasures could just be attempts in vain," the researchers wrote in their blog.

Windows keylogger included

According to Palo Alto, the most prevalent type of malicious file that was present in all but three of the infected Android apps was a Windows keylogger.

If this program's .exe file is launched, it will attempt to record all the keystrokes typed on your computer, including passwords, credit card numbers, security codes, usernames and Social Security numbers.

The malicious files are also camouflaged with fake names to avoid detection. If you spot names like “Android.exe”, “my music.exe”, “COPY_DOKKEP.exe”, “js.exe”, “gallery.exe”, “images.exe”, “msn.exe” and “css.exe” among an app's unpacked files, delete them immediately.

List of infected apps:

Although the apps have been removed from the Google Play app store, you may have installed them on your gadget and it is advised that you delete them as soon as you can.

For your protection, here's a list of the apps:

App Name | Package Name
Baby Room | com.KamarBaYi.odieapps
Motor Trail | com.MotorTraiL.odieapps
Tattoo Name | com.TatToNaMa.odieapps
Car garage | coml.GaRaSiMobiL.odieapps
Japanese Garden | com.TaMaNJapanG.odieapps
Koi fish | com.IkanKoI.odieapps
House Terrace | com.TeRaSRumaH.odieapps
Skirt Design | com.DesainRokK.odieapps
Yoga Meditation | com.MeditasiYoga.odieapps
Shoe rack | com.RaKSepatU.odieapps
Unique T-shirt | com.KaoSUniK.odieapps
Mens Shoes | com.SepatuPriA.odieapps
TV RuanG TaMu | com.TVRuanGTaMu.odieapps
Idea Glasses | com.IdeaKacamata.odieapps
Fashion Muslim | com.FashioNMusLiM.odieapps
Bracelet | com.GelangTut.odieapps
Clothing Drawing | com.BusanaMenggambar.odieapps
Minimalist Kitchen | com.DapuRMiniMaLis.odieapps
Nail Art | com.SeNiKuKu.odieapps
Ice cream stick | com.StikEzKriM.odieapps
Roof | com.AtapRumaH.odieapps
Children Clothes | com.BusanaAnaK.odieapps
Home Ceiling | com.PlaFoNRumaH.odieapps
PoLa BaJu | com.PoLaBaJU.odieapps
Living room | com.RuanGTaMu.odieapps
Bookshelf | com.RakBuKu.odieapps
Knitted Baby | com.RajutanBayI.odieapps
Hair Paint | com.CaTRambuT.odieapps
Wall Decoration | com.DekoraSiDinding.odieapps
Painting Mahendi | com.MelukisMehndi.odieapps
Bodybuilder | com.Binaragawan.odieapps
Couple shirts | com.KaosCouple.odieapps
Unique Graffiti | com.GrafitiUniK.odieapps
Paper flower | com.BungaKerTas.odieapps
Night gown | com.BaJuTiDuR.odieapps
Wardrobe Ideas | com.IdeLeMaRi.odieapps
Dining table | com.MejaMakaN.odieapps
Gymnastics | com.LatiHaNSeNaM.odieapps
Use Child | com.PakaiAnAnak.odieapps
Window Design | com.DesainJenDeLa.odieapps
Hijab StyLe | com.HijabStyLe.odieapps
Wing Chun | com.TeknikWingChuni.xsadroid
Fencing Technique | com.TeknikAnggar.xsadroid

Tap or click here to read Palo Alto Networks' report.
