Google has removed 145 Android apps infected with Windows malware from the official Play Store after a report from security researchers at Palo Alto Networks.
None of the removed applications were chart-toppers, but small-time apps with only a few reaching 1,000 installations and gaining 4-star ratings.
Experts say the 145 Android apps were infected with various types of Windows malware strains packed Portable Executable (PE) files.
Different apps were infected with different strains, and some apps were infected multiple times, sometimes with different malware. The apps were created by different developers. Some developers had both clean and infected apps uploaded on their profile.
Palo Alto Networks says one particular PE file was found inside the source code of 142 apps alone. That's all but three of the entire apps Google removed from its portal. This file, researchers said, was a Windows-based keylogger.
Security researchers believe all these malware strains, and the keylogger, in particular, ended up inside these apps after their developers got infected with malware. The most likely scenario is that the malware was configured to drop copies of itself across different folders on the infected OS, and eventually dropped one inside the source code of the mobile app the devs were creating.
Developers eventually compiled their app and uploaded it to the Play Store. Palo Alto Networks experts say all the apps infected with the various strains of PE-based malware they found were uploaded to the Play Store between October 2017 and November 2017.
This short interval suggests the period during which the developers of those apps appear to have been infected with the various strains of malware found in their apps. This also explains why other apps from the same devs never contained the same malware, being created before or after this period.
In the grand scheme of things, all of these apps are harmless for Android users since the malware contained within is packed as a binary meant for Windows-based platforms.
Unless users connect their phones to a Windows PC, download an app's source code, and run the PE files found inside, there is no danger to Android users.
The list of apps that contained Windows malware can be found at the bottom of this Palo Alto Networks report.
This is the second time Palo Alto Networks researchers find Windows malware inside Android apps. In March this year, they worked with Google to remove 132 apps that contained a malicious iframe hidden inside the HTML files embedded in those apps. Zscaler also reported on the same incident.
A year earlier, in March 2017, ESET mobile security expert Lukas Stefanko found remnants of the Cerber ransomware inside two Android apps uploaded on the Google Play Store.