Google Removes Chamois Apps Botnet from Play Store

Google has eliminated Chamois apps, which installed invisible apps and downloaded unwanted plugins without victims' knowledge.

Dark Reading Staff, Dark Reading

March 16, 2017


Google has removed malicious apps from the Google Play Store after discovering they were tricking users into downloading unwanted apps and plugins. These apps, which sent premium text messages and installed invisible apps in the background without users' consent, were identified as part of the Chamois family.

Bernhard Grill, Megan Ruthven, and Xin Zhao, all Google security software engineers, found and removed the apps, a family they described as one of the largest they have seen, using the Verify Apps malware scanner. Researchers say Chamois apps can evade detection because they keep changing file formats: from an .APK file to a .JAR file and then to an .ELF file.

"This multi-stage process makes it more complicated to immediately identify apps in this family as a PHA because the layers have to be peeled first to reach the malicious part," they explain.

Though Google has given no official figure for how many users were victimized by the Chamois botnet, an earlier study found that the HummingBad malware made $300,000 per month through ad fraud.

