Home > Mobile > Security firm identifies over 100 malware-infected…

Security firm identifies over 100 malware-infected Android apps, but don't panic

Why it matters to you

It's important to stay mindful of mobile malware, especially as attackers migrate from legacy platforms like PC onto modern mobile operating systems.

While many users are more aware of the threat of mobile malware today than in years past, and Google has made significant strides in protecting phones from those toxic apps, the risk never completely goes away. Vulnerabilities can present in the unlikeliest of ways, as this report from security firm Palo Alto Networks explains.

The company cites 132 apps on the Google Play Store that feature malware — though not the kind that could actually do any harm to your smartphone. The reason being, these apps attempt to install a Windows executable file, which Android devices do not support.

More: This is how Google ensures the Play Store remains free from potential malware

At first glance, it appears to be a completely ineffectual attempt at attacking users, until you consider the possibility that these apps were actually infected with malicious code unbeknownst to the developer. The malware exploits the apps’ use of Android WebView to link to dangerous HTML sites, that then attempt to install a file designed for Windows onto the device. Palo Alto goes into greater detail, identifying specific lines of code that act as the culprits, but the important point to note is that none of it could actually compromise your phone in any way.

On Windows, the malware would reportedly modify firewall settings, alter the network hosts file, and copy and inject itself into numerous other processes. The apps in question span seven different developers, and security analysts speculate it may have arrived on Android by way of a file-infecting virus. These viruses would in turn seek out and infect HTML files on the developers’ computers, and it’s not hard to imagine how they could then spread to software published on the Play Store. A common online development platform used to produce all of the affected apps may have been the origin.

Ultimately, Google would classify this as a “non-Android threat” — terminology for applications that are unable to harm a user’s device, but are potentially damaging to other platforms. After reporting its findings to Google, Palo Alto says all the offenders were removed from the Play Store.

While it’s not terribly comforting to know your device may have been a conduit for malware without ever realizing it, the work done by Google and security firms like Palo Alto does shed some light on the multitude of ways in which a virus can spread — and that will, in turn, make our devices safer.