More than 130 Android apps on the Google Play store have been found to contain malicious code, possibly because the developers were using infected computers, according to security researchers.
Google has already deleted the apps from its Play store. The developers behind the apps probably aren’t to blame for including the malicious code, Palo Alto Networks said in a Wednesday blog post. It’s possible the developers behind these apps had their Windows machines infected with malware.
The 132 apps were found generating hidden iframes (HTML documents embedded inside a webpage) that link to two domains that have hosted malware, according to security firm Palo Alto Networks.
Some malware, such as the Windows-based Ramnit, has been known to search for files on a computer and inject them with malicious code, Palo Alto Networks said. “After infecting a Windows host, these viruses search the hard drive for HTML files and append iFrames to each document,” the company said.
“If a developer was infected with one of these viruses, their app’s HTML files could be infected,” Palo Alto Networks added.
In another scenario, it’s possible the app makers downloaded developer tools that were already tainted with the malicious code.
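A check a developer could run over an app's HTML assets before release, given here as an added example that is not from Palo Alto Networks or the original article. The hiding heuristics, function names and sample pages are assumptions; the article says only that the iframes were hidden and appended to HTML files.

```python
import re
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse
# Heuristics below are assumptions for illustration, not published indicators.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def _tiny(value):
    """True when a width/height attribute is 0 or 1 pixel ('0', '1', '1px')."""
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "", re.I)
    return bool(m) and int(m.group(1)) <= 1

class IframeAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.html_closed = False   # set once </html> has been seen
        self.findings = []         # (line, src, [reasons])
    def handle_endtag(self, tag):
        if tag == "html":
            self.html_closed = True
    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        reasons = []
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden-style")
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("tiny-size")
        if self.html_closed:       # markup appended after the document ended
            reasons.append("after-</html>")
        remote = src.startswith("//") or urlparse(src).scheme in ("http", "https")
        if remote and reasons:
            self.findings.append((self.getpos()[0], src, reasons))

def audit_html(text):
    parser = IframeAudit()
    parser.feed(text)
    parser.close()
    return parser.findings

def audit_tree(root):
    """Scan every .htm/.html file under root (e.g. an app's assets folder)."""
    return {str(p): f for p in sorted(Path(root).rglob("*.htm*"))
            if p.is_file() and (f := audit_html(p.read_text(errors="replace")))}

# Constructed samples: a legitimate embed, then the same page with an appended frame.
CLEAN = '<html><body><iframe src="https://video.example/embed" width="560" height="315"></iframe></body></html>\n'
INFECTED = CLEAN + '<iframe src="http://placeholder.invalid/rc/" width="1" height="1" style="visibility:hidden"></iframe>\n'
```

A visible remote embed is not reported; only a remote frame that is also hidden, tiny or placed after `</html>` is, so a finding is a prompt to inspect the file and the build machine rather than proof of infection.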
Because these 132 apps linked to two now-defunct malicious domains, they actually don’t pose much of a threat. It may be that whoever tampered with these apps did so accidentally.
“File infecting viruses can bounce around for years, even after these domains are taken offline,” Ryan Olson, intelligence director at Palo Alto Networks, said in an email.