Google removes hundreds of Android apps infected with Windows executable files

It is essential for developers to download development tools from official channels; otherwise, they are very likely to install development tools that carry Trojans.

In the past few years, many well-known domestic applications have been infected with XcodeGhost code, including applications from top developers such as Tencent.

This time the Android platform suffered a hijacking similar to the XcodeGhost malware, with hundreds of applications infected with keyloggers and the like.

Attacks against developers:

The security company Palo Alto Networks found hundreds of applications infected with keyloggers in Google's official app store, where they had gone undetected for more than half a year.

Google did not remove the applications until the security experts notified the company. In fact, the developers of the apps may not even have known about the infection.

Analysis showed that the infected applications all carried the same keyloggers, yet their developers are scattered around the world and do not appear to be a single team.

Eventually, the security company determined that the development tools the developers had downloaded were themselves already infected, so the backdoor was quietly inserted when the apps were packaged.

The keylogger is on the Windows platform:

The most incredible thing about this security incident is that the backdoor is a keylogger for the Windows platform and therefore does not work on Android.

Simply put, these backdoor programs are .EXE files lurking inside the Android application package; even on Windows they do not run unless the package is unpacked.

After testing, security experts discovered that these keyloggers steal keyboard input records, then package them and connect to two servers controlled by the attacker.

They can also create hidden folders, set themselves to start at boot, and perform many other spying functions, but fortunately no harm is done even if users install the apps on Android.
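One way a developer or reviewer could check a built package for the Windows executables described above, as an added example that is not from the original article or from Palo Alto Networks: it walks the APK (a ZIP archive) and flags entries whose content, not file name, is a PE image. The function names and the sample package are hypothetical and constructed for illustration.

```python
import io
import struct
import zipfile

def looks_like_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def find_pe_entries(apk_bytes: bytes, head_size: int = 4096) -> list[str]:
    """Return names of archive entries whose content is a Windows PE image.

    Only the first head_size bytes of each entry are read; a PE header placed
    beyond that offset would be missed (assumption: typical e_lfanew is small).
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            with apk.open(info) as entry:
                head = entry.read(head_size)
            if looks_like_pe(head):
                hits.append(info.filename)
    return hits

def build_sample_apk() -> bytes:
    """Constructed sample: an APK-shaped ZIP with one inert fake PE stub inside."""
    pe_stub = bytearray(0x80)
    pe_stub[:2] = b"MZ"
    struct.pack_into("<I", pe_stub, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    pe_stub[0x40:0x44] = b"PE\0\0"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\0" + bytes(32))
        z.writestr("assets/help.html", bytes(pe_stub))  # PE content, harmless-looking name
        z.writestr("res/raw/notes.txt", b"MZ is just text here" + bytes(64))  # not a PE
    return buf.getvalue()

if __name__ == "__main__":
    for name in find_pe_entries(build_sample_apk()):
        print("embedded Windows executable:", name)
```

A hit in a release build is a reason to inspect the build machine and the toolchain it was produced with, since the article attributes the embedded files to infected development tools.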

What do hackers want to do:

Although this security incident did not cause any substantial harm, security experts believe it is preparation by hackers to use developers as a springboard.

After a developer installs the development tool with the backdoor, the developer's computer is also infected, and if that developer later develops Windows software, the infection can continue to spread.

After all, such Windows programs would be infected with backdoors during the development phase and would eventually invade users' computers as regular, signed software carrying backdoors.
