Categories: NewsSecurity

Google Removes 300 Play Store Apps That Secretly Used Phones for DDoS Attacks

Android users generally assume Google’s Play Store is safe to use since the tech giant scans all its apps to ensure none contain malware. Every once in a while, however, hackers manage to get malicious apps past Google. Recently, according to reports, Google had to remove 300 apps from its Play Store as they were found to be using Android devices to launch distributed denial of service (DDoS) attacks.

Hijacking Phones for Large-scale DDoS Attacks

The apps Google removed were seemingly harmless: video players, storage managers, and so on. As it turns out, they were merely masquerading as legitimate apps, when in reality they were hijacking users’ phones to use them as part of a DDoS botnet.

The botnet caught the attention of content delivery network Akamai after being used to assault one of its clients, a hospitality company, with traffic from hundreds of thousands of different IPs. Dubbed WireX, the botnet is said to have been active since around August 2, but was only discovered on August 17. In some of its attacks it also asked for ransom fees.

After discovering the threat, Akamai teamed up with Google and several security researchers from companies including Cloudflare, RisIQ, Team Cymru, and Flashpoint to investigate and solve the issue. The findings, according to a Google spokesperson, led to a large number of apps on the Play Store:

“We identified approximately 300 apps associated with the issue, blocked them from the Play Store, and we’re in the process of removing them from all affected devices. The researchers’ findings, combined with our own analysis, have enabled us to better protect Android users, everywhere.”

Related Post

These apps could use infected devices for DDoS attacks as long as they were powered on. It is not clear how many were infected, but Akamai told journalist Brian Krebs

that up to 70,000 devices could have been compromised. Researchers believe the botnet had managed to infect devices in 100 different countries.

In one occurrence, according to Gizmodo, WireX emailed the organization it was attacking

, demanding a ransom. Cybercriminals have been pushing different types of ransomware lately, as The Merkle recently reported on a Chinese underground app that allows anyone without coding skills to create custom ransomware.

Google is now handling the apps that infected Android users by removing them both from its Play Store and from affected devices. It is unclear how long that will take.

WireX’s origins

Researchers believe WireX likely began as a distributed method of “click fraud,” a form of fraud that occurs when malicious scripts or programs imitate a legitimate user clicking on ads in order to generate revenue. According to reports, multiple antivirus tools currently detect WireX as a click fraud malware, not as a DDoS botnet.

At some point, WireX’s administrators decided to use their expertise to turn WireX into a DDoS botnet. It was able to generate what appeared to be legitimate internet traffic, as it included what was named a “headless” web browser that could do everything a real browser does without displaying its interface to the user on the infected device.

Francisco Memoria

Francisco is a cryptocurrency enthusiast who's lucky enough to be able to write about his passion.

Share
Published by
Francisco Memoria

Recent Posts

WIF Set to Overtake BONK? Lunex Soars with 100x Potential in Altcoin Season

As altcoin season heats up, all eyes are on the rising stars—especially Lunex, which is…

2 hours ago

Binance Coin Price Dips: BNB Holders Rush To Lunex Presale To Hedge Their Long Positions

While the broader market witnessed a notable upward movement, Binance Coin (BNB) experienced a decline…

2 hours ago

Crypto Stalwarts Forecasted 800% Growth in Innovative Projects: VeChain, Rollblock and Polkadot!

This blazing crypto bull run has investors looking for the next top altcoins set to…

2 hours ago

Dogecoin Price Set To Recreate 36,000% Rally From 2021 After Pennant Formation

The Dogecoin price is back in the limelight, captivating the crypto world with its recent…

2 hours ago

Is XRP About to Explode? How Trump’s Victory Is Affecting XRP Price Amidst JetBolt Growth

Ripple’s XRP showed a 68% price increase in the last 7 days following Trump's victory,…

2 hours ago

Ethereum Down While Bitcoin, Solana, and JetBolt Skyrocket In End November 2024

Ethereum stumbles as Bitcoin surges past $97K, Solana eyes new highs, and JetBolt’s presale shakes…

5 hours ago