Android owners know that the Google Play Store is still the safest source of Android apps. But despite Google’s best efforts, sometimes rogue apps can still slip through its screening process.
As with almost every type of malware out there, everything is not what it seems. Take these newly discovered malicious Android apps, for example.
On the surface, they may look like your ordinary, run-of-the-mill smartphone apps but hidden within their core, they’re a threat to another system altogether.
145 apps compromised
Google recently removed 145 apps from the official Google Play app store because they were discovered to be harboring malicious Windows malware files.
According to security researchers from Palo Alto Networks, the majority of the infected apps were released on Google Play between October 2017 and November 2017.
This means that the apps have been available in Google Play for more than six months. At the point of their removal, some of the infected apps have more than 1,000 installs and even 4-star ratings!
Included in the list of infected apps were tutorial apps for drawing, clothing design, and tutorials for home improvement and various hobbies. (Keep reading for a list of all the infected apps.)
Meant for Windows PCs
The most interesting part about this whole affair is that Android gadgets are actually safe from these infected apps. Yep, if you’ve downloaded and installed any of these Android apps, your phone or tablet is actually immune from the embedded malware.
However, if you’ve transferred and unpacked the app to a Windows PC, then your machine is vulnerable to attacks.
How could this be? Palo Alto researchers said that this indicates that the apps were developed on infected Windows machines. This means that the developers may not even know that malware was piggyback riding on their apps.
The researchers also noted that not all the apps coming from the same developer are infected. This led them to believe that the developers used different computers for creating their apps.
Compromising developer computers is a growing concern among security firms.
“The development environment is a critical part of the software development life cycle. We should always try to secure it first. Otherwise, other security countermeasures could just be attempts in vain,” the researchers wrote in their blog.
Windows keylogger included
According to Palo Alto, the most prevalent type of malicious file that was present in all but three of the infected Android apps was a Windows keylogger.
If this program’s .exe file is launched, it will attempt to record all the keystrokes inputted on your computer including passwords, credit card numbers, security codes, usernames and Social Security numbers.
The malicious files are also camouflaged with fake names to avoid detection. If you spot names like “Android.exe”, “my music.exe”, “COPY_DOKKEP.exe”, “js.exe”, “gallery.exe”, “images.exe”, “msn.exe” and “css.exe” on an app’s unpacked files, delete them immediately.
List of infected apps:
Although the apps have been removed from the Google Play app store, you may have installed them on your gadget and it is advised that you delete them as soon as you can.
For your protection, here’s a list of the apps:
|App Name||Package Name|
|TV RuanG TaMu||com.TVRuanGTaMu.odieapps|
|Ice cream stick||com.StikEzKriM.odieapps|
Bonus: Backing up your critical files is important with all the digital threats we face. We recommend our sponsor, IDrive, for fast and reliable cloud backups. Tap or click here to backup all your gadgets with IDrive and save 50% on all your backup needs.