Cyber criminals have come up with yet another tactic that leaves security researchers puzzled. It appears windows malware code is showing up in Android applications all of a sudden. While that may sound rather strange, it appears several dozen Android apps are infected with malicious iFrames. All of these apps are currently listed in the Google Play Store, which makes this whole ordeal even more troublesome.
Android Apps Contain Windows Malware
Palo Alto Networks’ security researchers are quite baffled by this recent discovery. While it is not uncommon to find malware within Android applications on the Google Play Store, it is the first time windows malware is embedded into these apps. To be more precise, 132 applications have hidden iFrames embedded in the code which link to malicious domains in their local HTML pages. The goal of doing this is to ensure users download the malware hosted on those websites.
The bigger question is what the criminals hope to achieve by spreading Windows malware through Android applications. It is very likely the developers of these applications have become a victim of criminal activity themselves, rather than deliberately taking this approach. More specifically, the developers’ developer platforms may have been infected with this Windows malware, which then embeds itself within the framework.
Assuming that is the case, it goes to show mobile app developers can spread malware without even being aware of doing so. This allows criminals to infected millions of users with relative ease, as they don’t even have to develop malicious applications themselves. The fact these apps are also listed in the Google Play Store is quite disconcerting, as Google should weed out these problematic apps in the first place.
One SophosLabs researcher feels there is a lot more to this story than meets the eye, though. Rowland Yu is convinced this is not a case where innocent developers were attacked by malware, he believes all of the uncovered apps are created by one and the same developer on purpose. Apparently, there is the name of “Nandarok” which keeps coming back throughout various stages of the research. It is possible other developers are involved in this deliberate scheme as well, although that has not been confirmed at this time.
Several dozen Android applications all trace back to the Nandarok developer name. It appears this developer is targeting users in a very specific manner. One of the most top downloaded apps created by this developer is called “Girls phone numbers”, which saw between 100,000 and 500,000 downloads. A rather unusual approach to spreading malware, but it seems to be rather effective. Thankfully, Windows malware can’t do any major harm to Android devices, at least for the time being.
Thankfully, Google has been alerted about these several dozen applications which pose a problem. The technology giant started to remove these applications one by one, although there is still a lot of work to be done. Security researchers will have to keep an eye on the Play Store to ensure no new Windows malware-laden applications will show up in the future. For now, it is advised Android users do not download any applications developed by Nandarok, as they are all at risk of containing malware.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.
