Viking Horde Malware Uses Google Play Store To Infect Android Devices

Android owners might want to be extra cautious about the apps they download, for a little while. There's a new piece of malware in the wild, and it's turning phones and tablets alike into a part of a large botnet. The worst part about the new Viking Horde malware is that it appears to be coming from a number of apps available on the Google Play store.

Advertisement

Viking Horde is the latest piece of malware to target Android devices. Researchers at Check Point recently discovered the malicious software, which mainly seems to be designed for ad fraud. What it does is uses a proxied IP address to disguise the ad clicks. What's more, the malware creates a botnet, using these IP addresses, which could be potentially used to for DDoS attacks and more.

According to their findings, Viking Horde affects both rooted and unrooted devices alike. While unrooted devices are susceptible to the actions listed above, rooted devices are at a greater risk. On these devices, additional software is installed that allows it to execute any code remotely. What's more, it uses your root access privileges to make it difficult, if not impossible to manually remove the malware.

Advertisement

The worst part about this particular infection is that it is hiding in apps that, until recently, were available on the app store. One game, Viking Jump was on the Google Play store since April 15th, and was still available as of yesterday. It had been downloaded an estimated 50,000 – 100,000 times. Depending on your region, it was listed at a Google Play top free app. Other apps include Parrot Copter, WiFi Plus, Memory Booster, and Simple 2048. All of these have been removed from the store at the time of writing.

For more detailed information on exactly how the Viking Horde malware infects your device, check out the full post over on Check Point. Unfortunately, they don't have any good tips on how to remove the malware. Your best bet will likely be to restore your phone from a recent backup, or wiping it completely, if you've been infected.

Recommended

Advertisement