Viking Horde malware bypasses Google Play store Scans – You may be infected

19 May

It had been predicted that in the year 2016, attacks against the Android Operating system would increase dramatically. Now, it is just May, and incoming reports seem to ascertain the predictions. Wait! It’s not yet done. There is hell-a-lot more to come this year.

All apps in the Google Play Store have been deemed to be safe, and users believe it to be so. Google follows a stringent procedure to ensure that apps on its store do not contain malware. However, fraudsters seemed to have successfully bypassed the Google Play Store’s vigilant malware verification procedures and scans. So, you may be at risk even if you download from the Google Play Store. While Google has fixed this vulnerability, it is not that cyber criminals will stop breaking through the Google Play Store’s defenses again. Cyber criminals will continue to try hacking through all operating systems, and authentic stores like the Google store. We have to live with it. It will be continuous cycle – Hacking and fixing the vulnerability.

The Viking Horde malware attack

The latest attack on Android has been named as the Viking Horde malware attack. This malware joins the infected device into a botnet, that can then be used for spamming, DDoS attacks, ad fraud and other malicious activities. The owner of the device will have no knowledge that the device has become part of a botnet. And if the device has been rooted, it is more vulnerable – the damage is more severe – malware for remote code execution is downloaded . If the malware gains root privileges then its removal is very, very difficult.

Viking Jump app was rated a top free app on Google Play store after it was uploaded in April 2016. The game received massive downloads. During installation the malware app asks for root access, which is a questionable request/ permission. Users need to be wary of such permissions instead of just clicking on “Agree”. Techno savvy users may have been suspicious and may have not downloaded the app.

The Viking Horde includes other apps – Wi-Fi Plus, Parrot Copter, Memory Booster, and Simple 2048. When a game is initiated, certain components get installed outside the directory of the app. The malware initiates a communication protocol with a command and control server (C&C server). An anonymous proxy connection with two IP addresses and ports is then created. The botnet exploiter uses one socket, while the other socket is for the target. The cyber criminal’s IP gets hidden behind the victim’s IP. The botnet is also quite difficult to detect, and the user may not know that this device is a bot.

The other primary motive of the Viking malware was to hijack the device and use it for ad clicks. The malware would cause clicks on websites to generate revenue, and as the clicks were from proxied IP addresses it would be difficult to doubt the transactions.

To conclude, Be Safe! Be Wary of what you download even from the Google Store or any other reputed app store. Check the permissions that the app demands, and don’t download if you are not comfortable with the permissions. And if you have downloaded – Viking Jump, Wi-Fi Plus, Parrot Copter, Memory Booster, or Simple 2048, try to uninstall them immediately and scan your device with an effective antivirus for android.


Tags: ,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: