Categories: NewsSecurity

Google Removes 300 Play Store Apps That Secretly Used Phones for DDoS Attacks

Android users generally assume Google’s Play Store is safe to use since the tech giant scans all its apps to ensure none contain malware. Every once in a while, however, hackers manage to get malicious apps past Google. Recently, according to reports, Google had to remove 300 apps from its Play Store as they were found to be using Android devices to launch distributed denial of service (DDoS) attacks.

Hijacking Phones for Large-scale DDoS Attacks

The apps Google removed were seemingly harmless: video players, storage managers, and so on. As it turns out, they were merely masquerading as legitimate apps, when in reality they were hijacking users’ phones to use them as part of a DDoS botnet.

The botnet caught the attention of content delivery network Akamai after being used to assault one of its clients, a hospitality company, with traffic from hundreds of thousands of different IPs. Dubbed WireX, the botnet is said to have been active since around August 2, but was only discovered on August 17. In some of its attacks it also asked for ransom fees.

After discovering the threat, Akamai teamed up with Google and several security researchers from companies including Cloudflare, RisIQ, Team Cymru, and Flashpoint to investigate and solve the issue. The findings, according to a Google spokesperson, led to a large number of apps on the Play Store:

“We identified approximately 300 apps associated with the issue, blocked them from the Play Store, and we’re in the process of removing them from all affected devices. The researchers’ findings, combined with our own analysis, have enabled us to better protect Android users, everywhere.”

Related Post

These apps could use infected devices for DDoS attacks as long as they were powered on. It is not clear how many were infected, but Akamai told journalist Brian Krebs

that up to 70,000 devices could have been compromised. Researchers believe the botnet had managed to infect devices in 100 different countries.

In one occurrence, according to Gizmodo, WireX emailed the organization it was attacking

, demanding a ransom. Cybercriminals have been pushing different types of ransomware lately, as The Merkle recently reported on a Chinese underground app that allows anyone without coding skills to create custom ransomware.

Google is now handling the apps that infected Android users by removing them both from its Play Store and from affected devices. It is unclear how long that will take.

WireX’s origins

Researchers believe WireX likely began as a distributed method of “click fraud,” a form of fraud that occurs when malicious scripts or programs imitate a legitimate user clicking on ads in order to generate revenue. According to reports, multiple antivirus tools currently detect WireX as a click fraud malware, not as a DDoS botnet.

At some point, WireX’s administrators decided to use their expertise to turn WireX into a DDoS botnet. It was able to generate what appeared to be legitimate internet traffic, as it included what was named a “headless” web browser that could do everything a real browser does without displaying its interface to the user on the infected device.

Francisco Memoria

Francisco is a cryptocurrency enthusiast who's lucky enough to be able to write about his passion.

Share
Published by
Francisco Memoria

Recent Posts

OKX Wallet Sees Whales Massive Moves; More on Plus Wallet & Coinbase  

Plus Wallet Impresses with its Speedy 15-Min Token Listings While Coinbase Unveils AI Tool &…

2 hours ago

100% Bonus with BlockDAG! Ethereum Eyes Breakout, Sui Plans To Expand

BlockDAG Rolls Out Limited Time 100% Bonus For Community While Ethereum Price Looks Bullish &…

3 hours ago

Best Crypto Wallets 2024: Top Choices for Security & Rewards

The 5 Best Crypto Wallets Worth Using in 2024 — Find Out Why Selecting a…

4 hours ago

Ethereum Ecosystem Primed For A November Rally – ETH Coins Chainlink (LINK), Toncoin (TON), And Cutoshi (CUTO) The Ones To Watch

With a Total Value Locked (TVL) of $50.72B, Ethereum is the world's largest blockchain, with…

11 hours ago

Analysts Predict a Rollblock 5000% Surge Dwarfing Pepe Coin and Popcat Recent Fame

The meme coin market has recently been surging once again; tokens such as Pepe and…

21 hours ago

FLOKI Dominates Meme Market as Rollblock ICO Skyrockets. Is Polkadot Losing Its Edge?

The FLOKI price has recorded over 300% yearly ROI, dominating crypto gains in the meme…

21 hours ago