Android malware strains have been known to plague the numerous Android apps available online. However, Android users must now also beware of Windows malware infecting their systems. Security researchers at Zscaler have uncovered over 100 Android apps available for download on the Google Play story infected with Windows malware.

The Android apps were found to be infected with a malicious iFrame. According to Zscaler researchers, this is not a new threat. Similar infections affecting Android apps have occurred in the past. However, the researchers were surprised that this trend of hackers infecting APKs (Android Package Kits) with Windows malware has persisted for nearly a year.

In this case, Zscaler’s security experts concluded that users who downloaded these malware-infected apps have not been impacted. This is because the malware doesn’t target the Android platform and the domains involved in the attack have already been sinkholed. However, researchers warn this cross-platform malware movement could open the door for hackers to launch more attacks.

Android Monero Malware Millions of Android devices hit by "drive-by" attack to mine for cryptocurrency Monero. Photo: Blogtrepreneur/Flickr

“The discovery of the malware highlights the fact that propagation of infections across different platforms is quite possible. This vector can be leveraged by a clever attacker to serve second-level malicious payloads depending on the type of device platform visiting the URL,” Zscaler security experts said in a blog.

Researchers also discovered that some APK files containing HTML files were infected by the Ramnit data-stealing worm. Although Ramnit was taken down in 2015 after an international law enforcement sting, the malware continues to pop up in newer versions till date.

“If the developer’s system is infected with this worm, it will inject a malicious iFrame in the HTM/HTML files in the source code of Android projects that eventually end up in the APK. Since the URL used in the injected iFrame is sinkholed by the Polish CERT, this infection won’t cause any harm to Android devices,” Zscaler researchers explained.

The researchers said they have alerted Google’s Android security unit about the new threat. Google categorizes such potentially harmful applications known as non-Android threats. 

“While this malware currently doesn’t cause harm to end users, it is clear that such infections can otherwise act as an open door for other attacks,” Zscaler researchers said.