Sunday, July 14, 2024
EHA

Google Removed 145 Malicious Apps from Google Play Store that Carries Windows Malware

Google removed around 145 apps from the Google Play store that infected by Windows Malware which are not developed to infect the Android platform but for windows OS devices.

Removed APK files are infected while developers are creating these apps in compromised windows platform where attackers infect the applications with Windows-based keylogger.

These types of attacks are targeting the software supply chain which means that, trusted compromised platform used for carries the infection to other platforms.

These infected apps are being in the Google Play store for almost 6 months and most the apps are released in the Google Play store between October 2017 and November 2017.

All among the removed infected apps have more than 1,000 installations and 4-star ratings and all the apps are not belongs to a single developer.

According to paloalto networks researchers, Most of the infected apps are  include “Learn to Draw Clothing”, an app teaching people how to draw and design clothing; “Modification Trail”, an app showing images of trail bike modification ideas; “Gymnastics Training Tutorial”, an app letting people find healthy ideas for gymnastic moves.”

How Does this Malware infection Work

Researchers identified different malicious PE files that infected different apps and there are 2 main PE files that infect many of the removed apps.

Apart from this, researchers identified several malicious PE files and these infection files indicate that developers used machines are having a serious infection.

All among the removed malicious apps, there is one common malicious PE files that infect almost all the Android apps which carry windows Keylogger.

This Windows Malware contains not only keylogging future but it steals sensitive information like credit card numbers, social security numbers and passwords.

“These files fake their names to make their appearance look legitimate. Such names include “Android.exe”, “my music.exe”, “COPY_DOKKEP.exe”, “js.exe”, “gallery.exe”, “images.exe”, “msn.exe” and “css.exe”.­”

Also, it contains other malicious activities such as attempts to sleep for a long period, Changes Windows registry, Creates executable and hidden files.

“The Windows Malware cannot directly run on the Android hosts. However, if the APK file is unpacked on a Windows machine and the PE files are accidentally executed, or the developers also issue Windows-based software, or if the developers are infected with malicious files runnable on Android platforms, the situation will go much worse, researchers said.”

All the infected apps have been reported to the Google Security Team and all infected apps have been removed from Google Play.

Also Read

Beware of Fake Banking Malware Apps in Google Play That Steals Credit Card Details and Internet Banking Credentials

Most Important Android Security Penetration Testing Tools for Hackers & Security Professionals

Google Released Security Updates for More than 40 Android Security vulnerabilities

Android Device With Open ADB Ports Exploited to Spread Satori Variant of Mirai Botnet

Website

Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles