Friday, January 15, 19:54

Android bothered a dangerous botnet


A highly sophisticated botnet, which was built into applications to spread deceptive ads and SMS, was successfully detected and neutralized by the Android security team. The botnet belonged to a family of malware known as "Chamois", which has been circulating since 2016 and was spreading both through Google Play and through third-party app stores. The Android security team moved aggressively and began flagging the Chamois software and helping to uninstall it until the team was sure the threat had passed.

After that successful effort, however, the Chamois malware returned in November 2017 stronger than before, and by March 2018 it had managed to infect 20.8 million devices. The Android security team has now managed to reduce the number to fewer than 2 million infections. At the Kaspersky Security Analyst Summit in Singapore this week, Android security engineer Maddie Stone presents a full analysis of how Google fought against Chamois.

After the 2018 wave peaked in March, the Android security team began collaborating with other Google security teams to address the new threat. While the first versions of the malware consisted of four stages of infection, the new ones consisted of six and also contained mechanisms that helped them remain unnoticed.

The Chamois family of software, like most botnets, receives commands remotely from a command and control server that coordinates infected devices to work on specific tasks. In this case, those tasks involved SMS and adware fraud.

Much of the recurrence of Chamois resulted from application developers and Android device manufacturers being deceived into incorporating Chamois code into their applications and even into preinstalled software. The attackers set up a website and distributed Chamois as a legitimate ad software development kit that could provide ad distribution services.

Google Play Protect, which helps to weed out fraudulent Android apps, now has more features to detect when Chamois is running on a device and disable it. Google has also recently expanded its scanning of pre-installed code to partner devices, and has further encouraged device manufacturers to review third-party code before product launches.

The Android security team concluded that the most notable feature of the botnet was the professionalism of its developers. The team uncovered dozens of carefully organized command and control servers for the botnet and also noticed that the malware included a mechanism called "feature flags", which is commonly used in legitimate software development, to enable and disable specific features of the botnet in various parts of the world.

The Chamois developers have also worked to keep a low profile and to roll out updates of their malware gradually to infected devices.

Google is now using a combination of detection methods for Chamois, while also carrying out monthly and quarterly check-ins on all Chamois statistics, so that it can quickly stop any new outbreak of the botnet. Stone says the Android security team is still removing the remaining 1.8 million infections.

The Android team promises to stay alert, knowing that the Chamois creators will not give up so easily.

