Viking Horde is the latest malware on Google Play

App stores aren’t immune to malware by any means, and now it’s Google’s turn to experience some nastiness.

The latest malware, dubbed Viking Horde, creates a botnet to carry out ad fraud, effectively using proxied IP addresses to conduct ad clicks. In turn, this provides revenue for the attacker, Check Point Research explained in a press statement.

The botnet affects rooted and non-rooted devices alike.

Check Point added that at least five cases of Viking Horde have passed through Google Play scans undetected so far. In fact, the most popular instance of Viking Horde stems from a game, dubbed Viking Jump, which has accrued between 50 000 and 100 000 downloads.

Other affected apps include Wi-Fi Plus, Memory Booster, Parrot Copter and Simple 2048.

A warning for rooted smartphones

Viking Horde is capable of more damage to rooted devices too, Check Point continued.

“On rooted devices, Viking Horde delivers additional malware payloads that can execute any code remotely, potentially compromising the security of data on the device. It also takes advantage of root access privileges to make itself difficult or even impossible to remove manually.”

The research firm found that Russia accounted for 44% of all users affected by Viking Horde, followed by Spain (12%), Lebanon (10%) the USA and Mexico (8% each).

User reviews on the Play Store noted that the malware also issued premium text messages and made itself almost impossible to remove.

Fortunately, Google has since taken action against Viking Jump and several other apps, removing them from the Play Store.

The Play Store isn’t the only major app store to be affected by dodgy wares in the past few months, as Apple’s App Store was affected by the ‘AceDeceiver‘ malware earlier this year.

Read more: 10 steps for protecting yourself from ransomware