Google removes hundreds of Android apps that were infected with Windows executable files

XcodeGhost

It is essential for developers to download development tools from official channels; otherwise they are very likely to install development tools bundled with Trojans.

In the past few years, many well-known domestic applications have been infected with XcodeGhost code, including applications from top developers such as Tencent.

The Android platform has now suffered a hijacking similar to the XcodeGhost malware, with hundreds of applications infected with keyloggers and other malware.

Attacks against developers:

Security researchers at Palo Alto Networks found hundreds of applications infected with keyloggers in Google's official app store, and the infected apps had been present there for more than half a year.

Google did not remove the applications until the researchers notified it. In fact, the developers of the apps may not even have known about the infection.

Analysis showed that the infected applications all carried the same keylogger, yet their developers were scattered around the world and were not a single team.

Eventually, the researchers determined that the development tool the developers had downloaded was itself infected, so the backdoor was quietly inserted into each app when it was packaged.


The keylogger targets the Windows platform:

The most remarkable thing about this incident is that the backdoor is a keylogger for the Windows platform and therefore does not work on Android.

Simply put, these backdoor programs are .EXE files lurking inside the Android application package; they cannot run even on Windows without first being unpacked.

In testing, the researchers found that these keyloggers would capture keystroke records, package them, and send them to two servers controlled by the attacker.

They can also set up hidden folders, persist at boot, and perform many other spying functions, but fortunately, even if a user installs the app on Android, there is no harm.
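As an added example (not from the original article and not Palo Alto Networks' tooling), the following Python scanner inspects every entry of an APK, which is a zip archive, for a Windows PE header, regardless of the entry's file name; this is the kind of check that flags a Windows .EXE hidden inside an Android package. The sample APK it scans is constructed inline and the embedded PE stub is only headers, not a runnable program.

```python
import io
import struct
import zipfile

MZ_MAGIC = b"MZ"
PE_MAGIC = b"PE\x00\x00"


def looks_like_pe(data: bytes) -> bool:
    """True if the blob starts with a DOS header whose e_lfanew field
    (offset 0x3C) points at a 'PE\\0\\0' signature, i.e. a Windows executable."""
    if len(data) < 0x40 or data[:2] != MZ_MAGIC:
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == PE_MAGIC


def find_embedded_pe(apk_bytes: bytes) -> list[str]:
    """Return the names of APK (zip) entries that contain a PE executable.
    Only the first 4 KiB of each entry is read, which is enough for the headers."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            with apk.open(info) as fh:
                head = fh.read(4096)
            if looks_like_pe(head):
                hits.append(info.filename)
    return hits


def build_sample_apk() -> bytes:
    """Constructed test input: a minimal fake APK with a manifest, a dex file,
    and an inert PE header stub stored under a harmless-looking asset name."""
    pe_stub = bytearray(MZ_MAGIC + b"\x00" * 0x3E)      # 0x40-byte DOS header
    struct.pack_into("<I", pe_stub, 0x3C, 0x40)          # e_lfanew -> 0x40
    pe_stub += PE_MAGIC + b"\x00" * 32                   # PE signature, no code
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 64)
        z.writestr("assets/data.bin", bytes(pe_stub))
    return buf.getvalue()


if __name__ == "__main__":
    print(find_embedded_pe(build_sample_apk()))  # prints ['assets/data.bin']
```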

What do the hackers want to do:

Although this incident did no substantial harm, the researchers believe it was preparation by the attackers to use developers as a springboard.

Once a developer installs the backdoored development tool, the developer's computer is also infected, and if that developer later develops Windows software, the backdoor can continue to spread.

After all, those Windows programs would be infected with the backdoor during the development phase and would eventually reach users' computers as regular, signed software carrying the backdoor.