Google Removes 132 Apps Due to Malware
Posted by: Timothy Weaver on 03/03/2017 02:30 PM
Google removed 132 apps from its Google Play store after security researchers discovered that they had been injected with malicious iFrames.
The creators of the apps were not to blame; rather, the development platform used to build the apps was itself infected.
Palo Alto Networks’ Unit 42 researchers estimated that there were 250,000 installs of the 132 rogue apps. “The developers of these infected apps can’t be blamed. They are the victims here,” said researcher Ryan Olson.
The domains used in the malware, however, have been under the control of Poland’s Computer Emergency Response Team for the past three years.
The function of the 132 Android apps was to download niche webpages for offline or cached viewing. Once a user opened one of the webpages, a popup would appear directing the user to malicious domains. Since the domains were under the control of the Polish CERT, there was no risk to the Android users.
Unit 42 said a more focused attack using this technique could be successful. “An attacker could easily replace the current malicious domains with advertising URLs to generate revenue… Secondly, aggressive attackers could place malicious scripts on the remote server and utilize a JavaScript interface to access the infected apps’ native functionality.”
Unit 42 also added: “They could also operate silently to replace the developer’s designated server with their own, and as a result, whatever information was sent to the developer’s server now falls into the hands of the attacker.”
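One way a reviewer or app store scanner could catch the pattern described above, hidden iFrames injected into an app's bundled or cached webpages that point away from the app's own domain, is to parse each HTML asset and flag iFrames that are invisible, off-domain, or aimed at a known sinkholed host. This is an added example, not code from the article or from Unit 42; the sample HTML, the app domain and the sinkhole domain are constructed placeholders.

```python
"""Flag hidden or off-domain iframes in HTML assets shipped with an app."""
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> tag in a document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            # attrs is a list of (name, value); value is None for bare attributes
            self.iframes.append({k: (v or "") for k, v in attrs})


def _is_hidden(attrs):
    """Zero/one-pixel size or a hiding style are the usual signs of an injected frame."""
    style = attrs.get("style", "").replace(" ", "").lower()
    tiny = attrs.get("width", "") in ("0", "1") or attrs.get("height", "") in ("0", "1")
    return tiny or "display:none" in style or "visibility:hidden" in style


def find_suspicious_iframes(html, app_domain, sinkhole_domains=()):
    """Return (src, reasons) for each iframe that is off-domain, sinkholed, or hidden."""
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        host = urlparse(src).hostname or ""
        reasons = []
        if host and host != app_domain:
            reasons.append("off-domain")
        if host in sinkhole_domains:
            reasons.append("known-sinkholed")
        if _is_hidden(attrs):
            reasons.append("hidden")
        if reasons:
            findings.append((src, reasons))
    return findings


# Constructed sample: one legitimate frame on the app's domain, one injected frame.
SAMPLE_HTML = (
    "<html><body><h1>Cached recipe page</h1>"
    '<iframe src="http://cache.example-app.test/menu" width="300" height="200"></iframe>'
    '<iframe src="http://sinkhole.invalid/x.html" width="0" height="0" style="display: none"></iframe>'
    "</body></html>"
)

if __name__ == "__main__":
    for src, reasons in find_suspicious_iframes(SAMPLE_HTML, "cache.example-app.test", {"sinkhole.invalid"}):
        print(f"suspicious iframe {src}: {', '.join(reasons)}")
```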
Source: Threat Post