It’s not enough that Google has to patrol the Play store to prevent Android malware apps from sneaking in, but the company will now have to pay attention to Windows malware looking to gain access to the store.
That’s right, Google just removed 145 apps from its app store because they contained malicious files designed to attack Windows PCs.
All the apps have been removed from the Play Store, but they’ve been available to users since last October and November.
The researchers note that the malicious files are useless on Android, so if you downloaded any of the apps, all listed at this link, and used them only on Android, you’re safe. Among the apps, some had over 1,000 installations and 4-star reviews, a hint that developers weren’t trying to deliver Windows malware via Android apps to users.
Palo Alto Network also discovered that not all the apps from the same developer contained the same Windows files, which prompted the researchers to speculate that the developers may have used multiple computers to code the apps. Some of those computers may have been infected with Windows malware, and that’s how it got into the apps.
The report explains that there is one file that seems to infect almost all the apps that Google just removed, a keylogger that could be used on Windows devices to spy on users:
On a Windows system, this keylogger attempts to log keystrokes, which can include sensitive information like credit card numbers, social security numbers, and passwords. Besides, these files fake their names to make their appearance look legitimate. Such names include “Android.exe,” “my music.exe,” “COPY_DOKKEP.exe,” “js.exe,” “gallery.exe,” “images.exe,” “msn.exe” and “css.exe”.
You should be worried if you’ve unpacked the Android app on your computer and ran some of the .exe files in it — check out the full report to see what apps were affected and how to protect yourself.