The Art of Taking Down a very Bad Malware Family

Redport Information Assurance
One of the grandest acts of Google’s Project Zero team was the ultimate takedown of one of the largest Android malware app families ever discovered, named Chamois. The Chamois malware family had infected millions of Google Android mobile devices over the year. Chamois is named after a mountain goat because of the large obstacle Google had to overcome in order to contain the malware family and take it down. Google states that more than 100,000 lines of sophisticated code were examined to better understand Chamois.

According to Google, Chamois was one of the largest families of malicious apps seen on Android to date, and it was distributed through multiple channels. Chamois was very unusual in terms of its capabilities. The malware executes in four distinct stages, each using a different file format. This multi-stage process made it more complicated for security researchers to detect and identify. The obfuscation made the malware extremely harmful, because each layer had to be peeled away before analysts could reach the malware’s actual code.

The Google team detected Chamois during a routine ad traffic quality evaluation. They analyzed the Chamois apps and found that the malware used several methods to avoid detection: it tempted users to click ads by displaying deceptive graphics, and it used custom, encrypted file storage for its configuration (.config) files and for additional code, which required deeper analysis to understand the dangers of the app.

Once Google’s team detected the Chamois family, it was blocked from the Google Play Store by Google’s Verify Apps. Unfortunately, the malicious apps did not appear in the device’s app list, so users were not able to find the malware in order to uninstall it. Verify Apps is a tool within the Google Play Store that Google developed to help users discover potentially harmful applications and delete them.

The Chamois family’s ability to evade detection through obfuscation and anti-analysis techniques was countered by these Google system applications.

By Randall Sylvertooth, MSc


Reference: http://news.softpedia.com/news/google-kills-android-malware-family-chamois-one-of-the-largest-discovered-513908.shtml


For more information about Redport’s information assurance and cyber security services, visit www.redport-ia.com, email us at info@redport-ia.com, like us on Facebook, and follow us on Twitter @redport_ia.

Gaithersburg, MD, USA