Tens of thousands of Android users are thought to have fallen
victim to a newly-discovered malware, which enlists devices as part
of a hacker-controlled botnet.
Researchers at security firm Check Point, who discovered the
malware, said in
a blog post Monday that the malware is "persistent,"
and is "difficult or even impossible to remove manually."
The malware is dubbed "Viking Horde," after one of the
popular apps it poses as. The sophisticated malware campaign consists
of a number of games and apps that are readily available through
Google Play, the app store for Android devices.
At least five instances of the app have so far been able to evade
Google Play's malware scans for almost a month, since it was first
submitted to the app store.
When the user installs the app, the device will automatically join a
botnet -- a network of devices controlled by an attacker -- which
disguises ad clicks to generate money.
The app also has full access to parts of the devices it infects,
potentially leading to theft of personal data.
Some user reviews claim the app also sends premium text messages,
which can be used to make money but also to conduct distributed
denial-of-service (DDoS) attacks against users through persistent
message sending.
Most Android phones aren't rooted. Rooting allows the owner to deeply
customize the device by opening up access to parts of the operating
system that are usually locked down. But if the Android phone is
rooted, the malware will download additional components that make
the malware almost impossible to remove.
But the researchers warn that the malware can be used for far more
nefarious purposes, such as remote code execution, which allows an
attacker to compromise the data on the device.
So far, the malware-ridden apps have been downloaded tens of
thousands of times -- likely more. According to the researchers, one
of the apps made it as a top free app in the Google Play store.
At the time of writing, the apps are still in the Google Play
store -- albeit with a considerable 1-star rating from the user
reviewing community.