Detecting and eliminating Chamois, a fraud botnet on Android

A more technical version was cross posted on the Android Developers blog.

Google works hard to protect users across a variety of devices and environments. Part of this work involves defending users against Potentially Harmful Applications (PHAs), an effort that gives us the opportunity to observe various types of threats targeting our ecosystem. For example, our security teams recently discovered and defended users of our ads and Android systems against a new PHA family we’ve named Chamois.

Chamois is an Android PHA family capable of:

- Generating invalid traffic through UI overlays that pop up with ads having deceptive graphics inside the ad
- Performing artificial app promotion by automatically installing apps in the background
- Performing telephony fraud by sending premium text messages
- Downloading and executing additional plugins

Interference with the ads ecosystem

We detected Chamois during a routine ad traffic quality evaluation. We analyzed several malicious apps based on Chamois...