A new strain of malware is targeting Android devices via infected apps at the Google Play app store, says security firm Check Point.
Android devices are under siege by yet another breed of malware.
Dubbed Viking Horde, the new malware has waged war by infecting certain apps at the Google Play store, researchers at Check Point said Monday. Affected apps include Viking Jump, Parrot Copter, Memory Booster, Simple 2048 and WiFi Plus.
Android phones and tablets on which the infected apps are installed become part of a botnet, a network of devices controlled by hackers to perform certain tasks without the knowledge of the devices' owners. Viking Horde can perform ad fraud, a way of getting people to click ad links that generate money for the hackers. Check Point said the new malware can also send spam and carry out Distributed Denial of Service attacks, which shut down websites by bombarding their servers with data requests.
Google's Android software has been highly vulnerable to malware, both because of its open nature and the popularity of Android phones. In recent years, Google has stepped up its efforts to catch malicious programs before they reach its app store. But the process still is flawed, especially compared with Apple's more intense scrutiny of apps designed for iOS users.
Viking Horde can work its deeds on both rooted and nonrooted Android devices. A rooted device is one in which the operating system has been unlocked so the user can install apps unapproved by and unavailable through Google. But rooted devices are more vulnerable to malware.
The Viking Horde malware takes advantage of rooted devices by installing software that can execute code remotely. Any data on the device is then at risk. Plus, Viking Horde gains root access privileges, which means it's difficult to remove the malware.
At this point, most of the infected apps still reside on the Google Play store. At least five instances of Viking Horde sneaked past Google's malware scans, according to Check Point, which said it alerted Google to the malware on May 5. All of the infected apps have relatively low ratings, which Check Point believes may be due to their strange behavior, such as requesting root permission.
A Google spokesman said the apps are not part of a malicious library on its own, but rather a non-malicious library being used nefariously. In the past, Google has taken action against apps that violate Play policy, the spokesman added.