Google Removes Over 300 Apps From its App Store
The apps included malware that was used in building the WireX botnet
Over the past few days, Google has removed over 300 applications from its Android App Store, the Google Play Store, after being alerted that they contained malware used for creating DDoS attacks.
The malware was creating a botnet, dubbed WireX, that was used in a series of attacks on August 17th.
Analysis of the incoming attack data for the August 17th attack revealed that devices from more than 100 countries participated, an uncharacteristic trait for current botnets. The distribution of the attacking IPs along with the distinctive User-Agent string led the researchers who began the initial investigation to believe that other organizations may have seen or would be likely to experience similar attacks. The researchers reached out to peers in other organizations for verification of what they were seeing.
Once the larger collaborative effort began, the investigation began to unfold rapidly starting with the investigation of historic log information, which revealed a connection between the attacking IPs and something malicious, possibly running on top of the Android operating system.
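The two traits the investigators relied on, a distinctive User-Agent string and attacking IPs spread over many countries, can be turned into a simple log check. The script below is an added example and not code from the article or the researchers involved; it assumes Common Log Format access logs with a User-Agent field and a GeoIP lookup, both of which are constructed sample data here, and the User-Agent values are placeholders rather than the real WireX strings.

```python
"""Flag User-Agent strings whose client population is implausibly widespread.

Added example: group requests by User-Agent, count distinct source IPs and
distinct countries per agent, and flag agents that look like a botnet rather
than a normal browser population. Logs and GeoIP table are constructed.
"""
import re
from collections import defaultdict

# Constructed sample log lines (Common Log Format plus referer and User-Agent).
SAMPLE_LOG = """\
203.0.113.5 - - [17/Aug/2017:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "placeholder-ua-x"
198.51.100.7 - - [17/Aug/2017:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "placeholder-ua-x"
192.0.2.9 - - [17/Aug/2017:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "placeholder-ua-x"
203.0.113.77 - - [17/Aug/2017:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "placeholder-ua-x"
198.51.100.20 - - [17/Aug/2017:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/55.0"
198.51.100.21 - - [17/Aug/2017:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/55.0"
"""

# Constructed IP-to-country table standing in for a real GeoIP database.
GEO = {
    "203.0.113.5": "US", "198.51.100.7": "BR", "192.0.2.9": "IN",
    "203.0.113.77": "DE", "198.51.100.20": "US", "198.51.100.21": "US",
}

# Source IP is the first field; the User-Agent is the last quoted field.
LOG_RE = re.compile(r'^(\S+) .*?"[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

def parse_log(text):
    """Yield (source_ip, user_agent) for each well-formed log line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.group(1), m.group(2)

def profile_user_agents(text, geo):
    """Return {user_agent: (distinct_ips, distinct_countries)}."""
    ips = defaultdict(set)
    for ip, ua in parse_log(text):
        ips[ua].add(ip)
    return {ua: (len(s), len({geo.get(ip, "??") for ip in s}))
            for ua, s in ips.items()}

def suspicious_agents(text, geo, min_ips=3, min_countries=3):
    """Agents seen from many IPs *and* many countries; thresholds are
    deliberately low for the tiny sample and would come from a site's
    normal per-agent distribution in practice."""
    return sorted(ua for ua, (n_ip, n_cc) in profile_user_agents(text, geo).items()
                  if n_ip >= min_ips and n_cc >= min_countries)

if __name__ == "__main__":
    print(suspicious_agents(SAMPLE_LOG, GEO))
```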
Google worked in conjunction with researchers from Akamai, Cloudflare, Oracle Dyn, RiskIQ and Team Cymru to combat the botnet, which may have been created as early as August 2nd.
The apps, many of which offered services like ringtones and storage managers, have been removed from the app store, and Google is beginning the process of removing them from affected devices as well.
Building a BotNet
A botnet is a network of infected computers that can be mobilized by a central command source and used in a number of malicious ways—though typically for DDoS. If you’re interested in DoS and DDoS attacks, Vince wrote a great piece discussing them last summer.
Frankly, a botnet of cellular devices or tablets isn’t all that exotic these days. In fact, just last Friday we covered how some hackers are using IoT devices to build botnets. If it’s online and you can infect it, you can use it in a botnet.
Botnets are especially useful for a DDoS attack because they let the attacker broadcast requests from a network comprising thousands of devices. This makes it nearly impossible to filter legitimate traffic from the attack traffic, which in turn makes the attack that much more effective.
Be Careful with your Apps
Downloading apps is, and has always been, a fairly risky proposition. Despite Google’s (and Apple’s) best attempts to keep their app stores clean, occasionally things do slip through the cracks. Apple has tried to fight this issue by being notoriously stringent in what it will and won’t allow into its app store. Google is a bit more open but has been experimenting with AI and machine learning to help safeguard its users.
Neither method is foolproof.
The best advice we can give with regard to staying safe when downloading apps is this: stick to the main streets and thoroughfares.
- Don’t install apps from untrusted third parties
- Do a little research, look at reviews, make sure the app is legitimate
- Stay away from apps that haven’t been widely downloaded yet
- Install a security app to scan your phone
And, finally, when you do download an app, PAY ATTENTION TO THE PERMISSIONS YOU’RE GIVING IT. If an app is asking for permission to access something it has no business interacting with—be wary.
Mobile apps are great when they’re safe. But when they’re not—be careful. They can cause a ton of harm.