Google purges 145 Android apps infected with, er, Windows malware

Devs need to make sure they're running decent anti-virus

GOOGLE HAS PURGED 145 Android apps that contained malware designed to attack Windows PCs, of all things.

The infected apps were discovered by Palo Alto Networks’ Unit 42 security research team, which alerted Google that the apps contained executable files that could be set loose on Windows machines.

You might be scratching your head wondering why the hell hackers would put Windows malware in Android apps, given the two operating systems don’t really have similar foundations.

Well, it turns out, the malware spread into Android apps that were developed on infected Windows PCs.

“The infected APK files do not pose any threat to Android devices, as these embedded Windows executable binaries can only run on Windows systems: they are inert and ineffective on the Android platform,” said the Unit 42 researchers.

“The fact that these APK files are infected indicates that the developers are creating the software on compromised Windows systems that are infected with malware. This type of infection is a threat to the software supply chain, as compromising software developers has proven to be an effective tactic for wide-scale attacks. Examples include KeRanger, XcodeGhost, and NotPetya.”

Given the dangerous nature of NotPetya, this supply chain-level infection is arguably pretty serious even though the infected apps pose no risk to Android users. Unit 42’s security boffins warned that had the malware contained executables that could work on Android, this spread of malware through the app supply chain could have been a heck of a lot worse.

“The development environment is a critical part of the software development life cycle. We should always try to secure it first. Otherwise other security countermeasures could just be attempts in vain,” they noted.

This likely means Google will also need to up its policing of the apps submitted to the Play Store, as it’ll need to look out not only for Android-attacking malware but also for nuggets of malicious code that can pose a risk to other devices. µ