Google has announced that it has managed to remove a huge family of malicious Android applications called Chamois. According to the company, these applications may have contaminated millions of devices.
Chamois malware, named after an egg-tree, seems to be an attempt to massively infect Android devices for advertising. In the past, Hummingbad malware had infected about 10 million devices, and attackers were earning around 300.000 dollars a month.
“We discovered Chamois during a routine assessment of ad traffic quality. We analyzed them malicious applications that used Chamois and we found that different methods are used to avoid detection and to trick users by displaying deceptive graphics. This sometimes resulted in other apps being downloaded or fake SMS being sent.”
"That's why we blocked the Chamois family of apps using app verification and blocked agents trying to play with our ad system," the Google post said.
According to the company, Chamosis was one of the biggest malware apps that the Android platform has seen so far, and was distributed through multiple channels.
The Chamosis family of applications could avoid detection by blackout and anti-resolution techniques. In addition, apps used custom encryption to store files for their configuration files, and additional code that required a deeper analysis to see if it hides anything dangerous.
Google reports that it looked over 100.000 advanced code lines to better understand Chamos.
The company did not reveal any of the infected apps.