
Android fought a dangerous botnet


A highly sophisticated botnet, embedded in applications to commit ad and SMS fraud, was successfully detected and neutralized by the Android security team. The botnet belonged to a malware family known as "Chamois", which had already been released by 2016 and was spreading through Google Play and through third-party app stores. The Android security team moved aggressively, flagging the Chamois software and helping to uninstall it until the team was sure the threat had passed.

After this successful effort, however, the Chamois malware returned in November 2017 stronger than before, and by March 2018 it had managed to infect 20.8 million devices. The Android security team has now managed to reduce that number to fewer than 2 million infections. At the Kaspersky Security Analyst Summit in Singapore this week, Android security engineer Maddie Stone presents a full analysis of how Google fought against Chamois.

After the 2018 outbreak peaked in March, the Android security team began collaborating with other Google security teams to address the new threat. While the first versions of the malware consisted of four stages of infection, the new ones consisted of six and also contained mechanisms that helped them remain unnoticed.

The Chamois family, like most botnets, receives commands remotely from a command and control server that coordinates infected devices to carry out specific tasks. In this case, the tasks involved SMS and adware fraud.

Much of the recurrence of Chamois resulted from application developers and Android device manufacturers who were deceived into incorporating the Chamois code into their applications and even into preinstalled software. The attackers set up a website and distributed Chamois as a legitimate ad software development kit that could provide ad distribution services.

Google Play Protect, which helps to weed out rogue Android apps, now has more features to detect when Chamois runs on a device and to disable it. Google has also recently expanded its scanning of pre-installed code to partner devices, and has further encouraged device manufacturers to check third-party code before product launches.

The Android security team concluded that the most remarkable feature of the botnet was the professionalism of its developers. The team uncovered dozens of carefully organized command and control servers for the botnet and also noted that the malware included a mechanism called "feature flags", which is commonly used in legitimate software development to enable or disable specific features in different parts of the world.

The Chamois developers have also worked to keep a low profile and to roll out updates of their malware gradually to infected devices.

Google is now using a combination of detection methods for Chamois, while also carrying out monthly and quarterly check-ins on all Chamois statistics so that it can quickly stop any new outbreak of the botnet. Stone says the Android security team is still removing the remaining 1.8 million infections.

The Android team promises to stay alert, knowing that the Chamois creators will not give up so easily.



Absent Mia