Chamois
NJCCIC Threat Profile
Original Release Date: 2017-03-15
Chamois is a family of malicious ad fraud applications targeting Android devices. It was discovered in March 2017 after Google engineers were performing a routine ad traffic quality evaluation. The malware tries to trick users into clicking ads by displaying deceptive graphics, sometimes resulting in downloading other apps that executes SMS fraud. It uses several methods for evading detection, including deleting itself from the device’s app list so users won’t locate it to uninstall it. It executes in four stages using different file formats, making it more difficult to immediately identify apps in this family as malicious. It uses obfuscation and anti-analysis techniques, and uses custom, encrypted file storage for its configuration files, requiring deeper analysis to understand this threat.
Reporting
- March 2017: Google security researchers have blocked the Chamois ad fraud family. Users should scan their device for security threats using the "Verify Apps" tool in their phone's Google Security Settings. (Graham Cluley)
Technical Details
- Google provides technical analysis of the Chamois malware family, here.
Featured Content
- Disaster Relief and Tragedy-Related Scams>
- Flaw in Cosmo DB Could Allow Access to Databases>
- Threat Actors Use Messaging Service as Phishing Lure>
- Back-to-School Cybersecurity>
- Patch Now: Active Exploitation of Microsoft Exchange ProxyShell Vulnerabilities >
- T-Mobile Breach>
- Test Your Cybersecurity Knowledge - Take Our Cyber Quiz Today>
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.