Google has announced that it has managed to remove a huge family of malicious Android applications called Chamois. According to the company, these applications may have contaminated millions of devices.
Chamois malware, named after an egg-tree, seems to be an attempt to massively infect Android devices for advertising. In the past, Hummingbad malware had infected about 10 million devices, and attackers were earning around 300.000 dollars a month.
"We found Cham .is during a routine evaluation of the quality of ad traffic. We analyzed the malicious applications that used Chamos and found that different methods were used to avoid detection and to trick users into displaying misleading graphics. This has sometimes resulted in other applications being downloaded or sending fake SMS. ”
"That's why we blocked the Chamois family of apps using app verification and blocked agents trying to play with our ad system," the Google post said.
According to the company, Chamosis was one of the biggest malware apps that the Android platform has seen so far, and was distributed through multiple channels.
The Chamosis family of applications could avoid detection by blackout and anti-resolution techniques. In addition, apps used custom encryption to store files for their configuration files, and additional code that required a deeper analysis to see if it hides anything dangerous.
Google reports that it looked over 100.000 advanced code lines to better understand Chamos.
The company did not reveal any of the infected apps.