Google has announced that it has managed to remove a huge family of malicious Android applications called Chamois. According to the company, these applications may have contaminated millions of devices.
Chamois malware, named after an egg-tree, seems to be an attempt to massively infect Android devices for advertising. In the past, Hummingbad malware had infected about 10 million devices, and attackers were earning around 300.000 dollars a month.
“We discovered Chamois during a routine assessment of ad traffic quality. We analyzed the malicious applications that used Chamois and found that different methods are used to avoid detection and to trick users displaying misleading graphics. This sometimes resulted in other apps being downloaded or fake SMS being sent.”
"That's why we blocked the Chamois family of apps using app verification and blocked agents trying to play with our ad system," the Google post said.
According to the company, Chamosis was one of the biggest malware apps that the Android platform has seen so far, and was distributed through multiple channels.
The Chamois family of applications could evade detection with obfuscation and anti-analysis techniques. In addition, the applications used, custom encryption to save files for their configuration files, and additional code that required deeper analysis to see if it was hiding anything dangerous.
Google says it looked at more than 100.000 lines of advanced code to understand better the Chamοis.
The company did not reveal any of the infected apps.