Google just removed over 100 apps infected with Windows malware

midian182

In brief: We know from experience that malware-loaded apps sometimes sneak their way onto the Play store, but the 145 infected applications Google just removed were a bit different: they contained malware designed to infect Windows machines.

Cybersecurity company Palo Alto Networks informed Google of the apps, which contained malicious Microsoft Windows executable files. They were released between October 2017 and November 2017, so they were available to consumers for months before being removed. Some of them had been downloaded over 1000 times and boasted 4-star reviews.

What’s unusual about these particular apps is that they posed no threat to Android users, even though they were made for Google’s mobile platform. But anyone who unpacked the apps on a Windows machine and ran any of the .exe files put themselves at risk.
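A defender-side check for exactly this case, added here as an example (it is not code from the article or from Palo Alto Networks' analysis): an APK is a zip archive, so its entries can be inspected for a Windows PE header (the DOS `MZ` stub whose `e_lfanew` field points at the `PE\0\0` signature) rather than trusting file extensions. The sample APK and the PE-like blobs inside it are constructed for the demonstration and are not runnable programs.

```python
import io
import struct
import zipfile

def is_pe_file(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew points at the PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def find_windows_executables(apk_bytes: bytes) -> list[str]:
    """Names of APK (zip) entries that are PE executables, whatever their extension says."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(0x40)            # DOS header; e_lfanew lives at offset 0x3C
                if len(head) < 0x40 or head[:2] != b"MZ":
                    continue
                e_lfanew = struct.unpack_from("<I", head, 0x3C)[0]
                if e_lfanew < 0x40 or e_lfanew > 0x100000:
                    continue                    # implausible header offset: not a PE we care about
                data = head + fh.read(e_lfanew + 4 - 0x40)
            if is_pe_file(data):
                hits.append(info.filename)
    return hits

def make_fake_pe(stub_len: int = 0x80) -> bytes:
    # Constructed sample: MZ header + e_lfanew -> 'PE\0\0' at stub_len. Not an executable program.
    hdr = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", hdr, 0x3C, stub_len)
    return bytes(hdr) + b"\x00" * (stub_len - 0x40) + b"PE\x00\x00" + b"\x00" * 20

def build_sample_apk() -> bytes:
    # Constructed sample APK: normal Android entries plus stowaway Windows binaries.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 32)
        zf.writestr("assets/setup.exe", make_fake_pe())            # PE with an honest extension
        zf.writestr("assets/data.bin", make_fake_pe(0x200))        # PE behind a neutral extension
        zf.writestr("assets/readme.exe", b"just text, not a PE")   # .exe name, but no PE header
    return buf.getvalue()
```

Running `find_windows_executables(build_sample_apk())` flags `assets/setup.exe` and `assets/data.bin` but not `assets/readme.exe`, which is why the header check, not the extension, should drive the verdict.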

It’s suspected that the malware made its way onto the apps through the developers creating them on “compromised Windows systems.” Not all of the software from the same developer contained malicious files, leading to speculation that different computers were used to create different apps.

“Some of the infected apps include “Learn to Draw Clothing”, an app teaching people how to draw and design clothing; “Modification Trail”, an app showing images of trail bike modification ideas; “Gymnastics Training Tutorial”, an app letting people find healthy ideas for gymnastic moves,” explains the firm.

One file found on virtually all of the infected apps was a Windows keylogger, which could be used to steal sensitive information such as passwords and credit card numbers. Other malicious activities included creating executable and hidden files in Windows folders, changing the registry, and connecting to a specific IP address.

While most users won’t have been affected by the apps, the number of downloads they received means at least some people could have unpacked them in Windows. Check out the full list of programs here.

I came across a very strange set of circumstances that I don't fully understand. A Samsung J3 was purchased on Amazon. Somehow that damn phone was able to infect the router itself and force-installed HalogenOS on every mobile phone unfortunate enough to connect to the same network. No notifications, no warnings, nothing. Just a sharp drop in connection speed and storage. Tinkered a bit and came across a Samba server using Fing. Doing so allowed me to access a folder that was on top of the actual root directory but was being treated as root with all the restrictions involved. I found hundreds of files made just to restore each other. This phone also has a persistent connection to more than 4 servers with a myriad of encryptions and hidden/forced VPN settings. Everything is being archived on a home server in Colorado titled CarollBlyth. I took on the job thinking I could just flash and call it a payday. I can't even find proof the bootloader still exists. The worst part is this little friggin phone infected my business through the USB, and in order to protect consumer data I straight up smashed the gateway. Including equipment, time, and legal fees I paid out just shy of 20k. My final solution was a refund and I bought the lady a new one. I still don't know what happened and I felt totally ashamed of it. I now require proof of purchase before I accept smartphones, and let me suggest you don't buy pre-owned anymore. If this had happened to my father he would have sued the poor woman.