A new type of malware is targeting Android devices via infected apps at the Google Play app store.


The new threat was discovered by security firm Check Point:

The Check Point research team uncovered a new Android malware campaign on Google Play it calls Viking Horde. Viking Horde conducts ad fraud, but can also be used for other attack purposes such as DDoS attacks, spam messages, and more. At least five instances of Viking Horde managed to bypass Google Play malware scans so far.

Check Point notified Google about the malware on May 5, 2016.


How does it work?

A brief summary of what is explained in more detail on the Check Point website:


1. The malware is first installed from Google Play. While the app initiates the game, it installs several components outside of the application’s directory.

2. The malware then checks whether the device is rooted and loads different types of additional modules in order to establish a TCP connection with the C&C server and start communicating. The communication consists of a ping (every 10 seconds) and updates of device information.

3. The next step is to accomplish the main malicious functionality by creating an anonymous proxy connection.
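
The 10-second ping in step 2 gives defenders a timing pattern to look for in network flow logs. The following is an added example, not code from Check Point or from the original post: it flags source/destination pairs whose connection intervals cluster around 10 seconds. The log format, addresses, port numbers and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

def constructed_sample():
    """Constructed flow log, one 'epoch_seconds src_ip dst_ip:port' per line."""
    beacon = [0.0, 10.1, 19.9, 30.2, 40.0, 49.8, 60.1, 70.0]  # ~10 s heartbeat
    web = [3, 7, 31, 33, 58, 95, 96, 140]                     # irregular traffic
    lines = [f"{1000 + o} 192.0.2.10 203.0.113.5:4444" for o in beacon]
    lines += [f"{1000 + o} 192.0.2.10 198.51.100.7:443" for o in web]
    # Regular, but on a 60 s period, so outside the 10 s window
    lines += [f"{1000 + 60 * i} 192.0.2.11 198.51.100.9:123" for i in range(8)]
    return "\n".join(lines)

def parse_flows(text):
    """Yield (timestamp, src, dst) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield float(parts[0]), parts[1], parts[2]
        except ValueError:
            continue

def find_beacons(flows, period=10.0, tolerance=1.5, min_events=6, max_jitter=1.0):
    """Return (src, dst, mean_gap, count) for pairs that connect on a steady period.

    A pair is flagged when its mean inter-connection gap is within `tolerance`
    seconds of `period` and the gaps vary by at most `max_jitter` (std. dev.).
    """
    by_pair = defaultdict(list)
    for ts, src, dst in flows:
        by_pair[(src, dst)].append(ts)
    hits = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_events:
            continue  # too few samples to call it periodic
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg, jitter = mean(gaps), pstdev(gaps)
        if abs(avg - period) <= tolerance and jitter <= max_jitter:
            hits.append((src, dst, round(avg, 2), len(times)))
    return sorted(hits)

if __name__ == "__main__":
    for hit in find_beacons(parse_flows(constructed_sample())):
        print("possible 10 s beacon:", hit)
```

Legitimate keep-alive traffic can also be periodic, so a hit is a lead for investigation rather than proof of infection.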


More technical information is available on the Check Point website.