Google Removes 300 Play Store Apps That Secretly Used Phones for DDoS Attacks

Android users generally assume Google’s Play Store is safe to use since the tech giant scans all its apps to ensure none contain malware. Every once in a while, however, hackers manage to get malicious apps past Google. Recently, according to reports, Google had to remove 300 apps from its Play Store as they were found to be using Android devices to launch distributed denial of service (DDoS) attacks.

Hijacking Phones for Large-scale DDoS Attacks

The apps Google removed were seemingly harmless: video players, storage managers, and so on. As it turns out, they were merely masquerading as legitimate apps, when in reality they were hijacking users’ phones to use them as part of a DDoS botnet.

The botnet caught the attention of content delivery network Akamai after being used to assault one of its clients, a hospitality company, with traffic from hundreds of thousands of different IPs. Dubbed WireX, the botnet is said to have been active since around August 2, but was only discovered on August 17. In some of its attacks it also asked for ransom fees.

After discovering the threat, Akamai teamed up with Google and several security researchers from companies including Cloudflare, RiskIQ, Team Cymru, and Flashpoint to investigate and solve the issue. The findings, according to a Google spokesperson, led to a large number of apps on the Play Store:

“We identified approximately 300 apps associated with the issue, blocked them from the Play Store, and we’re in the process of removing them from all affected devices. The researchers’ findings, combined with our own analysis, have enabled us to better protect Android users, everywhere.”

These apps could use infected devices for DDoS attacks as long as they were powered on. It is not clear how many were infected, but Akamai told journalist Brian Krebs that up to 70,000 devices could have been compromised. Researchers believe the botnet had managed to infect devices in 100 different countries.

In one occurrence, according to Gizmodo, WireX emailed the organization it was attacking, demanding a ransom. Cybercriminals have been pushing different types of ransomware lately, as The Merkle recently reported on a Chinese underground app that allows anyone without coding skills to create custom ransomware.

Google is now handling the apps that infected Android users by removing them both from its Play Store and from affected devices. It is unclear how long that will take.

WireX’s origins

Researchers believe WireX likely began as a distributed method of “click fraud,” a form of fraud that occurs when malicious scripts or programs imitate a legitimate user clicking on ads in order to generate revenue. According to reports, multiple antivirus tools currently detect WireX as click fraud malware, not as a DDoS botnet.

At some point, WireX’s administrators decided to use their expertise to turn WireX into a DDoS botnet. It was able to generate what appeared to be legitimate internet traffic, as it included what was named a “headless” web browser that could do everything a real browser does without displaying its interface to the user on the infected device.

Francisco Memoria

Francisco is a cryptocurrency enthusiast who's lucky enough to be able to write about his passion.
