Chamois

The name "Chamois" in the cybersecurity community refers to a Backdoor Trojan running on Android. The Chamois Backdoor Trojan is a threat that Google boasted of having eliminated in late-2017, but researchers discovered a massive new campaign in late 2018. The first campaign involving the Chamois Backdoor Trojan used applications on the official Google Play Store to reach users. A regular security sweep performed by Google discovered the data traffic generated by infected devices and removed all corrupted applications.

However, the makers of the Chamois Backdoor Trojan have not given up and still deploying infected applications on competing application stores that lack the necessary experience and protection mechanisms to combat Chamois. Some reports point out that Chamois managed to infect more than 199 million devices by leveraging fake plugins and corrupted software development kits. The Chamois Backdoor Trojan is described by many AV vendors as a well-engineered program that can elevate the system privileges of a threat actor by downloading modules. Also, Chamois is observed to redirect Web traffic to advertisements, sent premium SMS messages without alerting the user, install applications and facilitate pay-per-install fraud.

Fortunately, most application stores are able to detect and remove potentially infected applications connected to the Chamois Backdoor Trojan. We would encourage users to install applications from the official Google Play Store only. The argument is that Google has an unrivaled team dedicated to finding threats like Chamois and removing them as soon as possible. Google's track record is not perfect, but the chances of being infected through an application on the Play Store are somewhat acceptable compared to rivaling stores that are famous for distributing cracked games and supposedly safe pirated productivity tools. You may wish to install an AV on your phone, run security scans from time to time and remove threats that are yet to be recognized by Google's team.