Η Google announced that it managed to remove a huge family of malware Android called Chamois. According to the company, these applications may have infected millions of devices.
Chamois malware, is named after a species of Capricorn, and appears to be an attempt to mass infect Android devices to serve up advertising. In the past, the Hummingbad malware infected around 10 million devices, and the attackers earned around $300.000 a month.
"We found Cham .is during a routine evaluation of the quality of ad traffic. We analyzed the malicious applications that used Chamos and found that different methods were used to avoid detection and to trick users into displaying misleading graphics. This has sometimes resulted in other applications being downloaded or sending fake SMS. ”
"That's why we blocked the Chamois family of apps using app verification and blocked agents trying to play with our ad system," the Google post said.
According to the company, Chamosis was one of the biggest malware apps that the Android platform has seen so far, and was distributed through multiple channels.
The Chamois family of applications could evade detection with obfuscation and anti-analysis techniques. In addition, the applications used, custom encryption για την αποθήκευση αρχείων για τα αρχεία ρυθμίσεων τους, και επιπλέον code which required deeper analysis to see if it was hiding something dangerous.
Google reports that it looked over 100.000 advanced code lines to better understand Chamos.
The company did not reveal any of the infected apps.