Viking Horde Malware Zombifies Phones Via Google Play: Check Point

By | May 10, 2016

Scalper1 News

The Walking Dead trope has nothing on the Viking Horde. On May 5, No. 1 cybersecurity firm Check Point Software Technologies (CHKP) notified Alphabet (GOOGL)-owned Google Play of an Android malware campaign that could affect 50,000 to 100,000 smartphones, researcher Jeff Zacuto told IBD on Tuesday.

Dubbed Viking Horde, the malware stems from downloads of five Google Play apps (Viking Jump, Memory Booster, Parrot Copter, Simple 2048 and Wi-Fi Plus) uploaded to Google Play between March 29 and April 15. Late Tuesday, Memory Booster still turned up on a search of Google Play. Google didn’t respond to a request for more information.

Together, the five malware-riddled apps have been downloaded 50,000 to 100,000 times, Zacuto said. The Viking Horde malware is invisible to the user, but adds the device to a growing botnet programmed to simulate ad clicks for revenue.

“It just appears to be a harmless game on your device, but what was actually happening in the background was the malicious code was turning the devices into zombies,” he said. “It made them part of a botnet.”

A botnet, or a zombie army of computers, is programmed to transmit data without a user’s knowledge. In the grand scheme of things, botnet campaigns are far more common on PCs, Zacuto said.

The Viking Horde botnet takes advantage of clicks-for-revenue advertising. “I (a website owner) contact one of these groups and say, ‘Hey, could you do me a favor to do some fake ad-clicking for me and in exchange I’ll give you some of the revenue?’ ” Zacuto said.

The largest share of the downloads (44%) came from Russia. Of the remainder, 10% were in Lebanon, and the U.S. and Mexico each accounted for 8% of the downloads. But there’s no way to quantify the number of infected devices.

Beyond ad fraud, the Viking Horde malware is persistent, Zacuto said. Out of the box, most phones are unrooted, meaning the user can delete the infected app. But on rooted phones, where a user has more control, the malware installs additional components using sneaky names.

“It will install components that have names that look like they’re supposed to be there,” he said. “On a rooted device, it can also install additional components that say, ‘Someone is trying to remove this app, let them remove it, but once that’s done reinstall it.’ ”

Oftentimes, the app (and malware) will reinstall in a hidden place. Typical mobile anti-virus won’t detect the malware, Zacuto said. And most users won’t notice the malware unless they recognize suspicious activity, such as the app’s request for access to root permissions.

Furthermore, it can install a program that automatically downloads any malware updates to the app, leaving the door open for additional fraud, Zacuto said. On a rooted device, that means a user either has to buy an entirely new smartphone or perform a hard reset.

“On the rooted device since you’ve opened up the ability to do anything on the device, you’re also giving the attacker the ability to do that as well,” he said. “They can steal information from your device, they can jam your data traffic, they can turn on the camera, the microphone.”

He added: “They really have the ability to do anything they like.”