The apps included malware that was used in building the WireX botnet
Over the past few days, Google has removed over 300 applications from its Android app store, Google Play, after being alerted that they contained malware used for launching DDoS attacks.
The malware was creating a botnet, dubbed WireX, that was used in a series of attacks on August 17th.
Analysis of the incoming attack data for the August 17th attack revealed that devices from more than 100 countries participated, an uncharacteristic trait for current botnets. The distribution of the attacking IPs along with the distinctive User-Agent string led the researchers who began the initial investigation to believe that other organizations may have seen or would be likely to experience similar attacks. The researchers reached out to peers in other organizations for verification of what they were seeing.
Once the larger collaborative effort began, the investigation unfolded rapidly, starting with a review of historic log information, which revealed a connection between the attacking IPs and something malicious, possibly running on top of the Android operating system.
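As an added example, not part of the original article or any of the investigating teams' tooling, the script below applies the two signals described above, one distinctive User-Agent string arriving from many source IPs spread over many countries, to constructed access-log lines. The log format, the IP-to-country table, the User-Agent strings and the thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Matches a combined-format access-log line (an assumed format for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed IP-to-country table standing in for a real GeoIP lookup.
GEO = {"203.0.113.7": "BR", "198.51.100.3": "IN", "192.0.2.9": "NG",
       "203.0.113.8": "ID", "198.51.100.4": "US", "192.0.2.10": "US"}

# Constructed log lines: one opaque User-Agent from four IPs in four countries, plus
# ordinary browser traffic from two US addresses.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Aug/2017:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "kqzxwvptlmnb"',
    '198.51.100.3 - - [17/Aug/2017:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "kqzxwvptlmnb"',
    '192.0.2.9 - - [17/Aug/2017:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "kqzxwvptlmnb"',
    '203.0.113.8 - - [17/Aug/2017:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "kqzxwvptlmnb"',
    '198.51.100.4 - - [17/Aug/2017:10:00:03 +0000] "GET /about HTTP/1.1" 200 900 "-" "Mozilla/5.0 (X11; Linux) Firefox/55.0"',
    '192.0.2.10 - - [17/Aug/2017:10:00:04 +0000] "GET /about HTTP/1.1" 200 900 "-" "Mozilla/5.0 (X11; Linux) Firefox/55.0"',
]

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def profile_user_agents(lines, min_ips=3, min_countries=3):
    """Aggregate requests per User-Agent and flag UAs seen from many source IPs in
    many countries. Thresholds are illustrative, not tuned values."""
    per_ua = defaultdict(lambda: {"requests": 0, "ips": set(), "countries": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that do not match the assumed format
        s = per_ua[rec["ua"]]
        s["requests"] += 1
        s["ips"].add(rec["ip"])
        s["countries"].add(GEO.get(rec["ip"], "??"))
    return {
        ua: {
            "requests": s["requests"],
            "ips": len(s["ips"]),
            "countries": len(s["countries"]),
            "suspect": len(s["ips"]) >= min_ips and len(s["countries"]) >= min_countries,
        }
        for ua, s in per_ua.items()
    }
```

Run over the constructed lines, the opaque User-Agent is flagged (4 IPs, 4 countries) while the browser traffic is not; on real logs the thresholds would need tuning against the site's normal geographic spread.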
Google worked in conjunction with researchers from Akamai, Cloudflare, Oracle Dyn, RiskIQ and Team Cymru to combat the botnet, which may have been created as early as August 2nd.
The apps, many of which offered services like ringtones and storage managers, have been removed from the app store, and Google has begun removing them from affected devices as well.
Building a Botnet
A botnet is a network of infected computers that can be mobilized by a central command source and used in a number of malicious ways, though typically for DDoS. If you’re interested in DoS and DDoS attacks, Vince wrote a great piece discussing them last summer.
Frankly, a botnet of cellular devices or tablets isn’t all that exotic these days. In fact, just last Friday we covered how some hackers are using IoT devices to build botnets. If it’s online and you can infect it, you can use it in a botnet.
Botnets are especially useful for a DDoS attack because they let the attacker send requests from a network made up of thousands of devices. This makes it nearly impossible to separate legitimate traffic from the attack traffic, which in turn makes the attack that much more effective.
Be Careful with your Apps
Downloading apps is, and has always been, a fairly risky proposition. Despite Google’s and Apple’s best attempts to keep their app stores clean, occasionally things do slip through the cracks. Apple has tried to fight this issue by being notoriously stringent in what it will and won’t allow into its app store. Google is a bit more open but has been experimenting with AI and machine learning to help safeguard its users.
Neither method is foolproof.
The best advice we can give with regard to staying safe when downloading apps is this: stick to the main streets and thoroughfares.
- Don’t install apps from untrusted third parties
- Do a little research, look at reviews, make sure the app is legitimate
- Stay away from apps that haven’t been widely downloaded yet
- Install a security app to scan your phone
And, finally, when you do download an app, PAY ATTENTION TO THE PERMISSIONS YOU’RE GIVING IT. If an app is asking for permission to access something it has no business interacting with, be wary.
Mobile apps are great when they’re safe. But when they’re not, be careful. They can cause a ton of harm.