Google has announced that it has managed to remove a huge family of Android malware called Chamois. According to the company, these applications they may have infected millions of devices.
Chamois malware, is named after a species of Capricorn, and appears to be an attempt to mass infect Android devices to serve up advertising. In the past, the Hummingbad malware infected around 10 million devices, and the attackers earned around $300.000 a month.
“We discovered Chamois during a routine assessment of ad traffic quality. We analyzed the malicious applications that used Chamois and found that different methods are used to avoid detection and to trick users displaying misleading graphics. This sometimes resulted in other apps being downloaded or fake SMS being sent.”
"That's why we blocked the Chamois family of apps using app verification and blocked agents trying to play with our ad system," the Google post said.
According to the company, Chamosis was one of the biggest malware apps that the Android platform has seen so far, and was distributed through multiple channels.
The Chamois family of applications could evade detection with obfuscation and anti-analysiss. In addition, the apps used custom file storage encryption for their settings files, and additional code that required deeper analysis to see if it was hiding something dangerous.
Google says it looked at more than 100.000 lines of advanced code to understand better the Chamοis.
The company did not reveal any of the infected apps.