Google has recently found 145 apps on its app store which were loaded with malicious files. The apps have since then been removed by Google from its Play Store. However, users which had already downloaded these apps might still be vulnerable to their effect. Within the Android ecosystem, the malicious files are found to be ineffective and instead, have been designed to attack the users' computer once it is connected to the infected Android device. Some of these apps had even been downloaded hundreds of times as per reports.
The malware found in the aforementioned Android apps was designed to gather private data of the users who downloaded these apps. While the malware does not affect the Android devices, they were designed to spread into a Windows system once the affected Android device is plugged into it for charging or file transfer. What's more, one particular key file had been found present across all the affected apps in the form of a keylogger. The keylogger could effectively provide the hackers with a window to spy on the affected system.
The report mentions: 'On a Windows system, this keylogger attempts to log keystrokes, which can include sensitive information like credit card numbers, social security numbers, and passwords'.
Hard to detect
The malicious files on these apps reportedly used a fake name to avoid any suspicion from the user. These names included 'Android.exe,' 'my music.exe,' 'COPY_DOKKEP.exe,' 'js.exe,' 'gallery.exe,' 'images.exe,' 'msn.exe' and 'css.exe'.
The virus found in the apps was also different, even from the same developer, hinting at the use of different computers for the creation of the malicious codes.
Who is at risk?
The infected apps were reportedly live since October 2017. Any user already having the apps on their Android device is vulnerable. Some of these apps were in the form of tutorial apps namely 'Learn to Draw Clothing', 'Modification Trail', 'Gymnastics Training Tutorial' and more.
Palo Alto Networks discovered the malicious apps and notified Google of the same.