Google has removed malicious apps from the Google Play Store after discovering they were tricking users into downloading unwanted apps and plugins. These apps, which sent premium text messages and installed invisible apps in the background without users' consent, were identified as part of the Chamois family.
Bernhard Grill, Megan Ruthven, and Xin Zhao, all Google security software engineers, found and removed the apps -- which they described as one of the largest they have seen -- using malware scanner Verify Apps. Researchers say Chamois apps can evade detection because they keep changing file formats – from .APK file to .JAR file and then to .ELF file.
"This multi-stage process makes it more complicated to immediately identify apps in this family as a PHA because the layers have to be peeled first to reach the malicious part," they explain.
Though there is no official figure from Google about how many were victimized by Chamois botnet, an earlier study found that malware HummingBad made $300,000 per month through ad fraud.
Read more here.