Google Removes 132 Apps Due to Malicious Malware
Posted by: Timothy Weaver on 03/03/2017 09:30 AM
Google removed 132 apps from its Google Play store after security researchers discovered that they had been injected with malicious iFrames.
The creators of the apps were not to blame; rather, the development platform used to build the apps was itself infected.
Palo Alto Networks' Unit 42 researchers estimated that there were 250,000 installs of the 132 rogue apps. "The developers of these infected apps can't be blamed. They are the victims here," said researcher Ryan Olson.
The domains used in the malware, however, have been under the control of Poland's Computer Emergency Response Team for the past three years.
The function of the 132 Android apps was to download niche webpages for offline or cached viewing. Once a user opened one of the webpages, a popup would appear directing the user to malicious domains. Since the domains were under the control of the Polish CERT, there was no risk to the Android users.
Unit 42 said a more focused attack using this technique could be successful. "An attacker could easily replace the current malicious domains with advertising URLs to generate revenue… Secondly, aggressive attackers could place malicious scripts on the remote server and utilize a JavaScript interface to access the infected apps' native functionality."
Unit 42 also added: "They could also operate silently to replace the developer's designated server with their own, and as a result, whatever information that was sent to developer's server now falls in hands of the attacker."
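One defensive check the description above suggests, as an added example that is not from the article or from Unit 42: a scanner over the HTML pages an app bundles for offline viewing that flags any iframe loading content from a host outside the app's own origin, or styled so the user never sees it. The allowed host list and the sample page (with its placeholder malicious domain) are constructed for the example.

```python
# Added example (not from the article or Unit 42): flag injected <iframe>
# elements in cached HTML. Assumption: a legitimate offline-reader page only
# frames content from its own origin, so off-origin or invisible iframes
# deserve review before the app ships or when auditing an SDK's output.
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

_HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(width|height)\s*:\s*0", re.I)

def _is_hidden(attrs):
    """True if the iframe is sized or styled to be invisible."""
    for dim in ("width", "height"):
        if (attrs.get(dim) or "").strip() in ("0", "0px"):
            return True
    return bool(_HIDDEN_STYLE.search(attrs.get("style") or ""))

class IframeScanner(HTMLParser):
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed_hosts = {h.lower() for h in allowed_hosts}
        self.findings = []  # list of (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "iframe":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        host = (urlparse(src).hostname or "").lower()
        reasons = []
        if host and host not in self.allowed_hosts:
            reasons.append(f"external host {host}")
        if _is_hidden(a):
            reasons.append("hidden iframe")
        if reasons:
            self.findings.append((src, reasons))

def scan_html(html, allowed_hosts):
    """Return the suspicious iframes found in one cached page."""
    scanner = IframeScanner(allowed_hosts)
    scanner.feed(html)
    return scanner.findings

# Constructed sample: one legitimate same-origin frame plus one injected,
# invisible frame pointing at a placeholder domain (not a real indicator).
SAMPLE_PAGE = """<html><body><h1>Cached article</h1>
<iframe src="https://reader.example/widget"></iframe>
<iframe src="http://bad-domain.invalid/x" width="0" height="0" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, why in scan_html(SAMPLE_PAGE, ["reader.example"]):
        print(src, "->", ", ".join(why))
```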
Source: Threat Post