A bizarre new type of malware has been detected in around 132 apps in Google Play that had the ability to affect Windows users. The infected apps included apps for design ideas ranging from cheesecake to gardening and coffee tables.
Palo Alto Networks discovered the malware-ridden apps and reported them to Google to have them removed from Google Play. In a blog post, the security team said that the apps, which were developed by several different people, hid HTML-based iframe tags. The iframe tags, which are generally used to embed external elements in a webpage, like a YouTube video, were also loading elements from malicious domains. In one case, an app didn’t use an iframe but Microsoft’s Visual Basic language to load malicious code into the app.
One simple way HTML files become infected with malicious IFrames is through file-infecting viruses. After infecting a Windows host, these viruses search the hard drive for HTML files and append IFrames to each document. If a developer was infected with one of these viruses, their app’s HTML files could be infected. However, given that the developers may all be from Indonesia, it’s also possible that they downloaded an infected IDE from the same hosting website or used the same infected online app generation platform.
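A developer can check an app's bundled HTML for this kind of tampering before publishing. The following is an added example, not code from Palo Alto Networks or the original article; the function names, the host allowlist and the three heuristics (iframe pointing at an external host, iframe appended after the closing `</html>` tag, VBScript script block) are assumptions drawn from the behaviour described above.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)
VBS_RE = re.compile(r"""<script\b[^>]*\blanguage\s*=\s*["']?vbscript""", re.I)
END_HTML_RE = re.compile(r"</html\s*>", re.I)


def scan_html(text, allowed_hosts=()):
    """Return (kind, detail) findings for one HTML document."""
    findings = []
    ends = [m.end() for m in END_HTML_RE.finditer(text)]
    doc_end = ends[-1] if ends else None
    for tag in IFRAME_RE.finditer(text):
        src = SRC_RE.search(tag.group(0))
        url = src.group(1) if src else ""
        host = urlparse(url).hostname  # None for relative (bundled) paths
        if host and host not in allowed_hosts:
            findings.append(("external-iframe", host))
        # File infectors append to the document, so the tag lands after </html>.
        if doc_end is not None and tag.start() >= doc_end:
            findings.append(("iframe-after-html-end", url))
    if VBS_RE.search(text):
        findings.append(("vbscript-block", ""))
    return findings


def scan_assets(root, allowed_hosts=()):
    """Scan every .html/.htm file under root (e.g. an unpacked APK's assets)."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in (".html", ".htm"):
            hits = scan_html(path.read_text(errors="replace"), allowed_hosts)
            if hits:
                report[str(path)] = hits
    return report


# Constructed samples (not taken from the real apps).
CLEAN = '<html><body><iframe src="https://www.youtube.com/embed/x"></iframe></body></html>'
INFECTED = ('<html><body>Ideas</body></html>\n'
            '<iframe src="http://malicious.example/x.html" width=1 height=1></iframe>')
VBS = "<html><body></body></html><script language='VBScript'>' payload omitted\n</script>"

if __name__ == "__main__":
    for name, doc in (("clean", CLEAN), ("infected", INFECTED), ("vbs", VBS)):
        print(name, scan_html(doc, allowed_hosts={"www.youtube.com"}))
```

Running `scan_assets` in a release pipeline and failing the build on any finding catches an infected workstation or build tool before the app reaches the store.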
Origin of Infection
Most of the infected Android apps are tied to Indonesia: there are geographical connections among the 7 different developers, and the most straightforward clue comes from the app names. The Windows-specific malware was downloaded from domains that have long since been disabled, so the infected apps will not cause damage to Android users.