More than 130 Android apps containing some malicious coding managed to infiltrate the Google Play store, possibly because the developers’ tools that built them were tainted, according to security researchers.
More than 130 Android apps on the Google Play store have been found to contain malicious coding, possibly because the developers were using infected computers, according to security researchers.
The 132 apps were found generating hidden iframes, or an HTML document embedded inside a webpage, linking to two domains that have hosted malware, according to security firm Palo Alto Networks.
Google has already removed the apps from its Play store. But what’s interesting is the developers behind the apps probably aren’t to blame for including the malicious code, Palo Alto Networks said in a Wednesday blog post.
Instead, the platforms the developers used to build these apps were probably infected with malware that looks for HTML pages and then injects the malicious coding, the company said.
Many of these tainted apps offered design ideas for things like cheesecakes, landscaping a garden, or laying out a patio. The most popular had more than 10,000 downloads.
One of the apps found injected with malicious coding.
When installed, the apps would display seemingly benign webpages. However, in reality, the pages shown contain a tiny hidden iframe that links to two suspicious domains.
Both domains were previously involved in hosting Windows malware. But in 2013, a Polish security team took over the domains, and they’ve effectively been shut down, Palo Alto Networks said.
