Viking Horde ready to invade
By Digital News Asia May 19, 2016
- Capable of DDoS attacks, spam messages
- Affects both rooted and unrooted devices
The Check Point research team has uncovered a new Android malware campaign on Google Play that it calls Viking Horde. Viking Horde conducts ad fraud, but can also be used for other attack purposes such as DDoS attacks, spam messages, and more.
On at least five instances, Viking Horde managed to bypass Google Play malware scans. On all devices, rooted or not, Viking Horde creates a botnet that uses proxied IP addresses to disguise ad clicks, generating revenue for the attacker.
A botnet is a group of devices controlled by hackers without the knowledge of their owners. The bots are used for various reasons based on the distributed computing capabilities of all the devices. The larger the botnet, the greater its capabilities.
On rooted devices, Viking Horde delivers additional malware payloads that can execute any code remotely, potentially compromising the security of data on the device. It also takes advantage of root access privileges to make itself difficult or even impossible to remove manually.
The most widely-downloaded instance of Viking Horde is the app Viking Jump, which was uploaded to Google Play on April 15th and has between 50,000-100,000 downloads. In some local markets, Viking Jump is a Google Play top free app.
Even if the device is not rooted, Viking Horde can turn it into a proxy capable of sending and receiving information per the attacker’s commands.
VirLock, the first shapeshifting ransomware
The massive email hack ... or was it?
Sony hack not an anomaly: CyberArk on what’s expected in 2015