Click to Skip Ad
Closing in...
TRENDING: iOS 18 iPhone 16 Apple Watch Battery Life M4 MacBook Pro AirPods Max 2 watchOS 11 Apple One Reset AirPods iPad sideloading
Home Tech Security

Google just removed 145 Android apps that contained malware for Windows PCs

By
Published Aug 6th, 2018 7:02PM EDT
Android Malware
Image: Microsoft

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

It’s not enough that Google has to patrol the Play store to prevent Android malware apps from sneaking in, but the company will now have to pay attention to Windows malware looking to gain access to the store.

That’s right, Google just removed 145 apps from its app store because they contained malicious files designed to attack Windows PCs.

It was Palo Alto Networks who discovered the malicious apps (via ZDNet), notifying Google that they contained executable files that could be run on Windows devices.

All the apps have been removed from the Play Store, but they’ve been available to users since last October and November.

The researchers note that the malicious files are useless on Android, so if you downloaded any of the apps, all listed at this link, and used them only on Android, you’re safe. Among the apps, some had over 1,000 installations and 4-star reviews, a hint that developers weren’t trying to deliver Windows malware via Android apps to users.

Palo Alto Network also discovered that not all the apps from the same developer contained the same Windows files, which prompted the researchers to speculate that the developers may have used multiple computers to code the apps. Some of those computers may have been infected with Windows malware, and that’s how it got into the apps.

The report explains that there is one file that seems to infect almost all the apps that Google just removed, a keylogger that could be used on Windows devices to spy on users:

On a Windows system, this keylogger attempts to log keystrokes, which can include sensitive information like credit card numbers, social security numbers, and passwords. Besides, these files fake their names to make their appearance look legitimate. Such names include “Android.exe,” “my music.exe,” “COPY_DOKKEP.exe,” “js.exe,” “gallery.exe,” “images.exe,” “msn.exe” and “css.exe”.­

You should be worried if you’ve unpacked the Android app on your computer and ran some of the .exe files in it — check out the full report to see what apps were affected and how to protect yourself.

This article talks about:

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he brings his entertainment expertise to Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.

Chris Smith's latest stories

More Tech

Latest News