Beware of what you download from the Google Play Store. Security experts from Check Point discovered a malware found in 5 apps that can be downloaded from the Google Play Store. If you recently downloaded the 6.5.08 update to fix bugs and improve the app’s performance, a malware attack can be quite annoying.
Viking Jump, WiFi Plus, Memory Booster, Parrot Copter and Simple 2048 were infected with the malware named Viking Horde that provides attackers a channel to commit SMS and click fraud, launch DDoS attacks from infected devices, and send spam messages. Thankfully, Google managed to remove the infected apps before they can cause problems to the millions of Google Play Store’s users. Only one user complained about SMS fraud, according to Check Point.
Researchers from the security firm, however, warns of a possible re-occurrence using the same methods of uploading malicious apps. This calls for a reinforced review process of apps before they are uploaded to the mobile store.
What makes this Trojan highly dangerous is that it can target both rooted and non-rooted devices. This is particularly damaging to rooted devices, as a fraudster can constantly send new packages through an update component.
Viking Horde works around a C&C server to send instructions to all bots (infected devices) over an anonymous proxy. This helps ensure that the bots activity to the main server goes completely undetected and hard to track.
How exactly click-fraud happens using Viking Horde?
Its main mode of operation is through ads delivered to infected devices. By simulating a user tapping on those ads, fraudsters can gain fees from affiliate advertising programs. The use of anonymous proxy also helps delay the bots getting blacklisted by affiliate advertisers.
Check Point failed to see the botnet perform the SMS fraud attack. They only managed to detect its technical capabilities to send spam and launch DDoS attacks.
Majority of mobile users that downloaded the Viking Horde-infected apps came from the US, Spain, Russia, Mexico and Lebanon.
Just last week 190 malware-infested apps on the Google Play Store were discovered by Russian anti-virus maker. Google had them removed in time as well.
But imagine all the fun you missed out, what with all those apps removed from the Play Store. Unfortunately, malware attack is pretty tricky to handle and can do a lot of damage. It is best not to have them in your mobile phone in the first place.
To be safe, stick to the top 10 Google Play Store downloads.