In brief: We know from experience that malware-loaded apps sometimes sneak their way onto the Play Store, but the 145 infected applications Google just removed were a bit different: they contained malware designed to infect Windows machines.
Cybersecurity company Palo Alto Networks informed Google of the apps, which contained malicious Microsoft Windows executable files. They were released between October 2017 and November 2017, so they were available to consumers for months before being removed. Some of them had been downloaded over 1000 times and boasted 4-star reviews.
What’s unusual about these particular apps is that they posed no threat to Android users, even though they were made for Google’s mobile platform. But anyone who unpacked the apps on a Windows machine and ran any of the .exe files put themselves at risk.
It’s suspected that the malware made its way into the apps because the developers built them on “compromised Windows systems.” Not all of the software from the same developer contained malicious files, leading to speculation that different computers were used to create different apps.
“Some of the infected apps include ‘Learn to Draw Clothing’, an app teaching people how to draw and design clothing; ‘Modification Trail’, an app showing images of trail bike modification ideas; ‘Gymnastics Training Tutorial’, an app letting people find healthy ideas for gymnastic moves,” explains the firm.
One file found in virtually all of the infected apps was a Windows keylogger, which could be used to steal sensitive information such as passwords and credit card numbers. Other malicious activities included creating executable and hidden files in Windows folders, changing the registry, and connecting to a specific IP address.
While most users won’t have been affected by the apps, the number of downloads they received means at least some people could have unpacked them in Windows. Check out the full list of programs here.