Researchers are scratching their heads over the thriller the place 132 Android apps within the official Google Play retailer tried to contaminate smartphones with Home windows malware.
The apps, which have been generated by seven totally different builders, principally contained rigorously hid HTML-based iframe tags that related to 2 closely suspicious malicious domains. In one of many instances, an app did not use iframes however fairly used Microsoft's Visible Primary language to inject a whole obfuscated Home windows.exe file embedded into the HTML. The apps have been outfitted with two capabilities.
One was to insert interstitial advertisements, whereas the opposite was to fixate the primary app. That consisted of a whole lot of work contemplating that the Home windows-based malware was unable to execute on an Android gadget. On prime of that, the 2 domains within the iframes—brenz.pl and chura.pl—have been seized by the polish safety authorities in 2013.
Researchers from Palo Alto Networks—the safety agency that found the 132 Android apps and reported them to Google in order that they could possibly be eliminated—consider the builders did not deliberately embrace the malicious domains and executable. As an alternative, the researchers suspect that the builders unknowingly used the identical contaminated programming platform to code the apps. The dormant domains and the concentrate on Home windows-based malware prevented the apps from posing a menace to the greater than 10,000 individuals who put in the apps.
"By means of this vector, all assets inside the app can be out there to the attackers and beneath their management," the researchers wrote. "They might additionally function silently to switch the developer's designated server with their very own, and consequently, no matter info that was despatched to the developer's server now falls within the arms of the attacker. Superior attackers may also immediately modify the app's inner logic, i.e., including rooting utility, declaring further permissions, or dropping malicious APK file, to escalate their capabilities."