Google removed the listings from the Store already

Aug 8, 2018 07:19 GMT

It’s not necessarily a surprise when malware is discovered in Google Play Store apps, but this time there’s something a little unexpected about the infected files.

A report from Palo Alto Networks reveals that a total of 145 applications published on the Google Play Store were infected not with Android malware, but with a Windows virus. According to the report, the APKs included malicious executable files, and the apps had been on the Store for approximately half a year.

The download count reaches 1,000 in some cases, and some apps had 4-star ratings. The infected files do not affect Android directly; they are specifically aimed at Windows, so they can only cause damage when the APKs are unpacked on a PC.

No harm on Android

The compromised APK files include malicious PE files that can create executables and hidden files in Windows system folders, modify the Windows registry so that they start automatically at boot, and connect to a specific IP address, possibly waiting for further commands.

“The malicious PE files cannot directly run on the Android hosts. However, if the APK file is unpacked on a Windows machine and the PE files are accidentally executed, or the developers also issue Windows-based software, or if the developers are infected with malicious files runnable on Android platforms, the situation will go much worse,” research shows.

It’s not yet known how many users were actually hit by the Windows malware, because most of the apps are installed directly on Android devices. Palo Alto Networks says Google has already been informed about the malware and all apps were pulled from the Google Play Store.

Even if at first glance it may look like someone tried to publish malware on the Google Play Store, there’s also a chance that the computers used by developers to code and pack the APKs were actually compromised and the infected files were included in their apps unknowingly.

However, scanning each file has become a must-do for all users, regardless of the platform the files are aimed at.