The Botnet Chamois in Mobile Devices

Doing research on home security vulnerabilities within IOT devices, I started to think about different kinds of hacks and malicious abilities that can pose a threat to mobile devices or IOT devices.  I thought that a bot net could potentially pose a major threat to home security through the different types of devices throughout a house.  Bot nets are capable of many different types of malicious attacks.  From collecting sensitive information to devising a denial of service attack, bot nets are a major security vulnerability that need to be addressed.  I heard about a bot net named Chamois that has been around for a while and keeps getting updated and distributed among mobile and IOT devices.  I decided to look into this specific bot net because I thought that I poses a major security risk in the area of mobile, IOT, and home security.  In this document I will go over what Chamois botnet is, how it infects devices, and what is being done to make sure that this botnet cannot spread to mobile devices.

         Chamois was a botnet that when on a device was controlled by a remote command and control server.  Once on a device it would serve malicious ads and directed users to premium SMS scams. Chamois was a very resilient botnet that could evade detection so good and evolved so rapidly that it took Google years to finally eradicate it from android devices (Rashid, 2019).  One way that Chamois was distributed to devices was through a developer advertising software development kit that was thought to be legitimate.  While developers not knowingly placed this malicious bot net code into users’ devices, Chamois appeared to be a mobile payments solution to device manufacturers (Rashid, 2019).  With the Chamois botnet intruding in users’ homes, the unfortunate users of devices infected with this botnet were robbed of their money if they fell for the SMS scams.  Some scams were about making donations and users did not know they were even scammed until they got their phone bills (Newman, 2019).  Botnets pose a major security risk when it comes to home security because a botnet literally breaks into your house through different mobile and IOT devices and attempts to steal your money.

         Once Chamois was able to be detected it evolved from four stages to six stages, being able to avoid anti-virus and malicious code detection software (Rashid, 2019).  Many applications on Google Play Store were infected with this botnet and Google security engineers had a very hard time trying to get rid of it.  Every time the Google security engineers figured out some sort of barrier to detect and get rid of the botnet, the makers of the botnet would figure out ways to get around the barriers (Rashid, 2019).  Chamois was a very resilient botnet that infected about 21 million devices and Google has eventually whittled that number down to around two million over the years (Newman, 2019).  From what I read about this specific botnet; it seems to me that it could still be in devices today just waiting around for the chance to strike.  Since this botnet was disguised as a software development kit there could have been many applications that were not even found to have it yet.  A botnet this powerful could even evolve to collect sensitive information about unsuspecting users.  I mean this botnet has evaded Googles best security engineers for years and years, which means that the developers of Chamois could have evolve the botnet in many different ways, even to make the security engineers think that they have defeated it as another way to evade detection and barriers.

         To prevent becoming a victim of the type of botnet that Chamois is, people will really have to rely on security researchers to be able to detect and remove it from mobile devices.  The type of scams that this botnet uses like premium SMS can be avoided by just never using SMS for transferring of money or credentials.  Sensitive information should never be shared over unsecure digital mediums, and premium SMS is as unsecure a medium as any to be used to transfer such information.  The articles I read about this say that Google has defeated this botnet, but for some reason I think that it could still be going around out there.  The articles said that security researchers have dwindled the infected numbers from about 20 million down to 2 million, but that means that 2 million devices are still infected which gives the Chamois botnet makers time to evolve and redistribute a greater and even more dangerous version of the bot net with even more malicious capabilities.  I think that this botnet is still a threat to mobile and home security all over the world.  I don’t know if there is a way to tell if the botnet will ever be completely eradicated.

         To keep homes safe from these kinds of botnets users will have to be knowledgeable in the types of malicious scams that it initiates.  Education might be the only safe bet when it comes to users not falling victim to these types of attacks.  If something seems fishy, then a user should automatically assume that it is some type of scam.  If you click an ad and are redirected to a sketchy looking site that is requesting some type of sensitive information, you should just delete the site or even turn off your device and definitely delete the application that redirected the user to the site.  Botnets may always pose a threat to unsuspecting users and they need to be educated to be able to avoid the situations that a malicious attacker may make arise.

Works Cited

Newman, L. H. (2019, April 19). How Android Fought an Epic Botnet—and Won. Retrieved from wired.com: https://www.wired.com/story/google-android-chamois-botnet/

Rashid, F. Y. (2019, April 9). CHAMOIS: THE BIG BOTNET YOU DIDN’T HEAR ABOUT. Retrieved from duo.com: https://duo.com/decipher/chamois-the-big-botnet-you-didnt-hear-about

×
Your Donation

Author: John Rowan

I am a Senior Android Engineer and I love everything to do with computers. My specialty is Android programming but I actually love to code in any language specifically learning new things.

Author: John Rowan

I am a Senior Android Engineer and I love everything to do with computers. My specialty is Android programming but I actually love to code in any language specifically learning new things.

%d bloggers like this: