threatpost[.]com/aggressive-triada-horde-variants-up-mobile-malware-threat/118767/
Two mobile variants of Triada and Horde malware have been spotted in the wild by Check Point Software Technologies researchers, who warn the latest samples have adopted dangerous new techniques, including the ability to evade Google’s security on some OS versions.
... armed with the new URL spoofing capabilities, the Triada Android malware can now intercept any URL on infected phones and entice a user to “enter credentials in a fraudulent page, or even download additional malware, without knowing he is visiting a malicious site,” wrote Oren Koriat, Check Point analyst, in a research blog outlining his research.
Check Point also updated the profile it has on the malware Horde, which is notorious for infecting apps in Google Play and surreptitiously enlisting armies of Android phones to become part of a mobile botnet. The Horde malware most notably infects games and utilities available on Google Play, such as Viking Jump, Parrot Copter, Memory Booster, Simple 2048 and WiFi Plus. Check Point says the latest variant of Horde is able to monitor running processes on Android Lollipop and Marshmallow versions, using a new technique to avoid detection.