Viking Horde malware attacks Android devices
Dubbed Viking Horde, the new malware has waged war by infecting certain apps at the Google Play store, researchers at Check Point said Monday. Affected apps include Viking Jump, Parrot Copter, Memory Booster, Simple 2048 and WiFi Plus.
Google did not immediately respond to a request for comment.
Android phones and tablets on which the infected apps are installed become part of a botnet, a network of devices controlled by hackers to perform certain tasks without the knowledge of the devices' owners. Viking Horde can perform ad fraud, a way of getting people to click ad links that generate money for the hackers. Check Point said the new malware can also send spam and carry out distributed denial-of-service (DDoS) attacks, which shut down websites by bombarding their servers with data requests.
Google's Android software has been highly vulnerable to malware, both because of its open nature and the popularity of Android phones. In recent years, Google has stepped up its efforts to catch malicious programs before they reach its app store. But the process still is flawed, especially compared with Apple's more intense scrutiny of apps designed for iOS users.
Viking Horde can work its deeds on both rooted and nonrooted Android devices. A rooted device is one in which the operating system has been unlocked so the user can install apps unapproved by and unavailable through Google. But rooted devices are more vulnerable to malware.
The Viking Horde malware takes advantage of rooted devices by installing software that can execute code remotely. Any data on the device is then at risk. Plus, Viking Horde gains root access privileges, which means it's difficult to remove the malware.
At this point, most of the infected apps still reside on the Google Play store. At least five instances of Viking Horde snuck past Google's malware scans, according to Check Point, which said it alerted Google to the malware on May 5. All of the infected apps have relatively low ratings, which Check Point believes may be due to their strange behavior, such as requesting root permission.