New Malware that enlists your smartphone into a botnet detected in Apps on Google Play Store
Researchers at security firm Check Point have discovered a new Android malware campaign on Google Play called Viking Horde. Many Android users are believed to have fallen victim to the newly discovered malware, which recruits devices into a hacker-controlled botnet.
The researchers in a blog post on Monday said that the malware is “persistent,” and is “difficult or even impossible to remove manually.”
Viking Horde conducts ad fraud, but can also be used for other attack purposes such as DDoS attacks, spam messages, and more. At least five apps uploaded to the Google Play store, named Viking Jump, Parrot Copter, Wi-Fi Plus, Memory Booster, and Simple 2048, were found to contain Viking Horde.
Google has since removed these apps, but Check Point researchers say that the same methods used to get these malicious apps past Google’s app review process may be used again in the future to upload new apps.
When a user installs the app, Viking Horde joins the device, rooted or not, to a botnet that uses proxied IP addresses to disguise ad clicks, generating revenue for the attacker. A botnet is a group of devices controlled by hackers without the knowledge of their owners. The bots are used for various purposes, depending on the distributed computing capabilities of the devices. The larger the botnet, the greater its capabilities.
On rooted devices, Viking Horde delivers additional malware payloads that can execute any code remotely, possibly compromising the security of data on the device. It also takes advantage of root access privileges to make itself difficult or even impossible to remove manually.
The app also has full access to parts of the devices it infects, possibly leading to theft of personal data.
Check Point says it found only one user complaining about SMS fraud, and that it detected only the technical capability to launch DDoS attacks and send spam; it did not actually see the botnet perform these types of attacks.
Most of the users who downloaded Viking Horde-infected apps are from Russia, Spain, Lebanon, Mexico, and the US, say the researchers.
So far, the malware-ridden apps are believed to have been downloaded thousands of times. According to the researchers, one of the apps became a top free app in the Google Play store.
Last week, Dr. Web, a Russian antivirus maker, discovered over 190 malware-infested apps on the Play Store and reported them to Google, which had them removed.