Palo Alto Unit 42 researchers identified 145 Google Play apps infected with malicious Window’s Executable Files.
Researchers noted the infected APK files do not pose any threat to Android devices as they can only run on Windows devices but said the files are a threat to the software supply chain and can ultimately be used to carry out widespread attacks similar to KeRanger, XcodeGhost and NotPetya, according to the blog post.
“Most of the infected apps were released to Google Play between October 2017 and November 2017, which means these apps have been in Google Play for more than half a year,” researchers said in the report. “Among these infected apps, several have more than 1,000 installations and 4-star ratings.”
Malicious apps included “Learn to Draw Clothing,” “Modification Trail” and “Gymnastics Training Tutorial.”
Researchers said they have already notified Google of the malicious apps.