The Check Point research team uncovered a new Android malware campaign on Google Play it calls Viking Horde. Viking Horde conducts ad fraud, but can also be used for other attack purposes such as DDoS attacks, spam messages, and more. At least five instances of Viking Horde managed to bypass Google Play malware scans so far.
Check Point notified Google about the malware on May 5, 2016.
On all devices — rooted or not — Viking Horde creates a botnet that uses proxied IP addresses to disguise ad clicks, generating revenue for the attacker. A botnet is a group of devices controlled by hackers without the knowledge of their owners. The bots are used for various reasons based on the distributed computing capabilities of all the devices. The larger the botnet, the greater its capabilities.
Viking Horde botnet malware lurks on Google Play
New Android malware poses as popular game, but enlists phones into botnet