It’s one modern mystery that left security experts scratching their heads. Experts may have warned about hackers targeting more mobile users, but this has only encouraged Google to do an even better job of protecting Android phones from malware threats. Sure, Gooligan has made it past Google’s ever-watchful eyes. For the most part, though, Android users have been fairly safe from cyber threats for years. Recently, though, a security company made an interesting discovery: hundreds of apps on Google Play have been hiding possibly potent malware… from the wrong OS.
Android Apps Carrying Windows Malware?
Based on a comprehensive report from Palo Alto Networks, a cyber security firm, 132 Google Play apps have been secretly harboring what appears to be malware designed to attack Windows systems.
The affected apps, made by seven different developers, basically showcased ideas ranging from gardening to cheesecake recipes. They’re all pretty harmless at first glance, really.
On closer scrutiny, though, the applications’ code contained carefully concealed HTML iframe tags that connected the app (and, by extension, the device) to two heavily disguised malicious portals. One notable app even loaded an entire piece of malicious code directly into its host app using Microsoft’s Visual Basic language.
Although these details sound outright scary, the malicious apps don’t actually do anything to the Android device. Windows-based malware can only be absolute deadweight in an Android OS. That means it can’t execute and wreak havoc on your Android phone.
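For developers who want to check their own app's bundled HTML for this kind of hidden frame, here is a small scanner, added as an example and not taken from the Palo Alto Networks report. The watchlist uses the two domains named later in this article; the "hidden" heuristics (0 or 1 pixel size, display:none, visibility:hidden) and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains named in this article; extend with your own blocklist.
WATCHLIST = {"brenz.pl", "chura.pl"}
# Assumed hiding tricks: CSS that removes the frame from view.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def _tiny(value):
    # A width/height of 0 or 1 (optionally "px") makes the frame invisible.
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "", re.I)
    return bool(m) and int(m.group(1)) <= 1

class AssetScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # tuples: (kind, host, hidden, on_watchlist)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            host = (urlparse(a.get("src", "")).hostname or "").lower()
            hidden = (_tiny(a.get("width")) or _tiny(a.get("height"))
                      or bool(HIDDEN_STYLE.search(a.get("style", ""))))
            listed = any(host == d or host.endswith("." + d) for d in WATCHLIST)
            # Only remote frames matter; relative (local) frames have no host.
            if host and (hidden or listed):
                self.findings.append(("iframe", host, hidden, listed))
        elif tag == "script":
            lang = (a.get("language") or a.get("type") or "").lower()
            if "vbscript" in lang:  # Windows-only script inside a mobile asset
                self.findings.append(("vbscript", "", False, False))

def scan_html(text):
    parser = AssetScanner()
    parser.feed(text)
    parser.close()
    return parser.findings

# Constructed sample page, not taken from any of the removed apps.
SAMPLE = """<html><body><h1>Cheesecake recipes</h1>
<iframe src="http://brenz.pl/" width=1 height=1 style="border:0"></iframe>
<iframe src="https://maps.example.com/embed" width="600" height="400"></iframe>
<script language="VBScript">' constructed placeholder, no payload</script>
</body></html>"""

if __name__ == "__main__":
    print(scan_html(SAMPLE))
```

Run it over every `.html` file unpacked from the app package before publishing; any finding means the build machine or the HTML template itself deserves a closer look.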
Are the App Developers Guilty Here?
It’s a pretty complex scheme, sure, but Palo Alto Networks thinks the developers were victims themselves. The researchers suspect the developers may have unknowingly used the same infected programming platform to code their apps. This is based on their finding that the affected apps’ coding structures bore a noticeable resemblance to one another.
Another reason that led them to believe the developers weren’t malicious in their motives is the fact that the developers are all proximate to Indonesia. Many of their apps were strikingly similar in having “Indonesia” in their names, too.
More conclusive evidence of the developers’ innocence is this: the malicious code linked to dormant domains (namely, brenz.pl and chura.pl). These sites were taken down by Polish security a few years ago. If the developers had malicious motives, they could have easily replaced those two with active, malware-laden sites to cause real harm.
Google’s Swift Resolution
Before the apps could wreak havoc (though they really weren’t capable of doing any damage to Android users, to begin with), the researchers at Palo Alto Networks reported the infected programs to Google. Not long after, Google promptly took all 132 apps down.
Despite the apps being incapable of doing any form of damage to Android users, Google’s resolution is deemed necessary. Why, you ask? Malware, even if left incapacitated, can victimize anyone under the right circumstances.
A Potential for Widespread Disaster
This could all have gone downhill real fast. Although Android users are immune to such a cyber threat, this doesn’t mean the threats are already neutralized. It makes anyone with an infected Android device capable of becoming a “carrier” for the malware, possibly infecting other platforms without the owner’s knowledge.
One needs to look no further than 2015 to find evidence of how attacking developers can massively impact consumers.
At the height of the XcodeGhost outbreak, the first major iOS malware attack, hundreds of millions of devices worldwide were infected. Several smartphone owners had their critical info stolen upon installing infected Apple App Store applications on their iOS device.
It was digital mayhem no one could ever sufficiently prepare for. Thankfully, history didn’t repeat itself this time around.
Stay Safe, Android Fans!
We may have dodged the bullet here, but we shouldn’t let our guard down. Google highly recommends that we all go over and heed its tips for keeping an Android device safe. If the list seems too long and complex, here are some rules of thumb to remember:
- Keep your Android OS updated. Every new Android OS update brings with it critical security patches. Keep your device’s OS up-to-date if you don’t want it to be defenseless against new malware strains.
- Don’t install apps from unknown sources. While the infected apps we’ve talked about in this post came directly from Google Play’s official inventory, the situation is considered a rare case. For the most part, your Android phone could be an easier target for malware attacks if you install applications from uncertified developers.
- Download a reliable mobile antivirus app. Before you go surfing the Web or download anything on your Android phone or tablet, get a powerful anti-malware app installed. Can’t seem to determine which one to go for? Well, you’d be wise to put your faith in antivirus (AV) apps made by the most renowned AV companies today.
Stay safe in cyberspace, everyone!