Google Removed Chamois, A Fraud Adware Malware Botnet On Android

Adware has become the most famous threats in the world. Adware platform is used to monetize apps to earn revenue but now Adware is used to force push ads like banner or pop-ups on mobile to earn more revenue.

But the badest part is that Adware is now used as a trojan and more malicious purpose, as it forced to collect users personal information like name, birth date, contacts, browser’s data from the mobile it’s installed on and without user’s authorization.

Although Google has taken steps to remove potentially harmful apps from its play store in the past years but Adware app always finds its way to target billions of Android users on the marketplace.

And the risk is higher when we talk about Android as another platform because of the extra permission apps get.

Google has recently found a new ad-fraud family of the botnet that was infecting Android users through apps hosted on its Play Store marketplace.

Dubbed Chamois, the family of PHAs (potentially harmful applications)

Dubbed Chamois, the family of PHAs (potentially harmful applications) capable of boosting apps promotion by installing other application in the background without the authorization of the user, bombarding continuous pop-up ads, downloading and executing extra malicious content or plugin without the user’s knowledge, and performs telephony fraud by sending premium text messages.

Chamois was found when Google engineers discovered suspicious ad traffic while performing their routine ad traffic quality evaluation.

Chamois used special obfuscation and anti-analysis technique to evade detection, Google engineers uncovered a number of developers that tricked the users into installing malicious apps on their Android devices.

“We analyzed malicious apps based on Chamois, and found that they employed several methods to avoid detection and tried to trick users into clicking ads by displaying deceptive graphics,” security software engineers at Google said in a blog post.

“This sometimes resulted in downloading of other apps that commit SMS fraud. So we blocked the Chamois app family using Verify Apps and also kicked out bad actors who were trying to game our ad systems.”

The motive behind installing this malware app on users devices to make money by using different techniques to evade Google’s detection and prevention systems.

The security team dig through more than 100,000 lines of sophisticated code seems to be written by professional developers.

Google engineers did the deep analysis to understand the malicious part and other precious details.

Google Removed Chamois, A Fraud Adware Malware Botnet On Android

The Chamois apps had a multi-level payload structure 4 distinct stages, which also includes an encrypted storage area for config files and for other malicious code.

Google blocked the Chamois app adware family after discovery using its Verify Apps and also banned some of the users who were taking advantage of its ad system to make money.

Verify Apps Technique

Verify Apps protects users from known PHAs by warning them when they are downloading the application that is determined to be a PHA.

Verify Apps also enable users to uninstall the app if it has already been installed on the users device. Google new app testing system is now capable of detecting this new Chamois-related threat.

Google new app testing system is now capable of detecting this new Chamois-related threat.

Get more stuff like this
in your inbox

Subscribe Us And Get Latest Tech News, Hacking News, Science News, And Latest Gadgets News Directly Delivered To Your Inbox

Thank You For Subscribing. Verification Email Has Been Send To You. Please Verify !

Something Went Wrong.

LEAVE A REPLY

Please enter your comment!
Please enter your name here