Android apps carry hidden Windows 10 malware
Over 140 apps on the Google Play store have been discovered to contain malicious Windows executable files.
Researchers at Palo Alto Networks found that among the infected apps, several had more than 1,000 installations and carried 4-star ratings.
The Windows code is of course unable to infect Android devices, but as the researchers point out, "The fact that these APK files are infected indicates that the developers are creating the software on compromised Windows systems that are infected with malware. This type of infection is a threat to the software supply chain, as compromising software developers has proven to be an effective tactic for wide scale attacks. Examples include, KeRanger, XcodeGhost, and NotPetya."
The infected apps from developer 'odieapps' include 'Learn to Draw Clothing', an app teaching people how to draw and design garments; 'Modification Trail', an app showing images of trail bike modification ideas; and 'Gymnastics Training Tutorial', an app letting people find ideas for gymnastic moves.
Researchers found that a single Android APK may contain several malicious Windows portable executable (PE) files at different locations. Two PE files were most commonly found embedded across the infected apps. One PE file infected 142 APK files, including the apps on Google Play. The second file infected 21 APK files. Of the APK samples, 15 had both of these PE files inside. Among these infected APK bundles, researchers also found a number of other malicious PE files, suggesting the developers' machines may be seriously infected by various malware families.
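A build pipeline can check for this condition before an APK is published. The following is an added example, not the researchers' tooling: it walks every entry of an APK (a ZIP archive) and flags those whose content is a PE file, regardless of path or extension. The function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

HEADER_BYTES = 64 * 1024  # only the start of each entry is read


def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An offset past the bytes we read yields an empty slice and therefore False.
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def find_embedded_pe(apk_bytes: bytes) -> list:
    """Return the sorted names of APK (ZIP) entries whose content is a Windows PE file."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            with apk.open(info) as entry:
                if is_pe(entry.read(HEADER_BYTES)):
                    hits.append(info.filename)
    return sorted(hits)


def build_sample_apk() -> bytes:
    """Constructed test archive: two PE stubs, one DEX-like file, one 'MZ' text decoy."""
    pe_stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("classes.dex", b"dex\n035\0" + b"\0" * 64)
        z.writestr("assets/info.exe", pe_stub)
        z.writestr("res/raw/data.bin", pe_stub)  # extension does not matter
        z.writestr("assets/notes.txt", b"MZ is just two letters here".ljust(0x80))
    return buf.getvalue()


if __name__ == "__main__":
    for name in find_embedded_pe(build_sample_apk()):
        print("embedded PE:", name)
```

A non-empty result on a release artifact is a reason to stop the release and examine the build machine, since an Android package has no legitimate need for Windows executables.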
The findings have been reported to Google's security team and all infected apps have now been removed from Google Play. You can find out more on the Palo Alto blog.