Android App Contains Windows Worm

By on

When developers are unaware of security they open the door to threats against their customers and users. We are not just talking about exploitable vulnerabilities in their code, but about something much more obvious than that.

Here is the curious case of an Android application on Google Play that contains some traces of malware, but poses no security danger for Android devices. This same application, however, is dangerous to other mobile and PC platforms.

Embedded inside this APK file, McAfee Labs found a Windows worm (Generic Malware.og!ats) that replicates itself via network shares. There is no auto-execution option for the malware on a Windows PC, but a user could run the malicious application by opening the APK (in Zip format) and running the program. This PC malware resides in each Android device that has installed the “KFC WOW@25 Menu” app.

Windows Malware on Google Play

When a legitimate Android application contains a malicious file such as this one (for a Windows PC), it is likely this has occurred due to neglect on the part of the developer. This neglect can be as simple as not securing the development environment.

The developer of this app possibly had outdated antimalware software on the computer, so without realizing that the computer was infected, the source code directory contained a copy of the worm. From there the worm was packaged, signed, and deployed on Google Play, with the developer completely unaware of the file.

code_Windows Malware on Google Play
Windows malware executable file is signed by the developer of the Android app.

Even though this may seem like a low risk and the application has been removed from Google Play, it still poses a risk to consumers.

Another interesting and similar case comes in the form of an infected HTML file containing malicious JavaScript code. This HTML exists within a preinstalled email application present on many Android tablet devices.

html_Windows Malware on Google Play
Email application in the tablet “Joy Tab Gem10312BK.”

We believe malware running on the developer’s PC is capable of infecting all HTML files with this JavaScript, including any ready to be packaged inside an Android app!

The lesson for developers is clear. It is vital to remember the essentials for a secure computer: maintain updated antimalware software, especially if you intend to distribute content to other users.

The cross-platform McAfee antimalware suite protects against these types of threats and alerts customers and developers to prevent infections. McAfee detects these Android applications on Windows platforms.

Leave a Comment

Similar articles

Am I the only one? When I hear or see the word Artificial Intelligence (AI), my mind instantly defaults to images from sci-fi movies I’ve seen like I, Robot, Matrix, and Ex Machina. There’s always been a futuristic element — and self-imposed distance — between AI and myself. But AI is anything but futuristic or ...
Read Blog
As ransomware threats become more sophisticated, the tactics cybercriminals use to coerce payments from users become more targeted as well. And now, a stealthy strain is using deceptive techniques to mask its malicious identity. Meet CryptoMix ransomware, a strain that disguises itself as a children’s charity in order to trick users into thinking they’re making ...
Read Blog
Think about it: In the course of your everyday activities — like grocery shopping or riding public transportation — the human body comes in contact with an infinite number of germs. In much the same way, as we go about our digital routines — like shopping, browsing, or watching videos — our devices can also pick ...
Read Blog