After received feedback from many internet infrastructure companies, Google has removed 300 apps from the Play Store. The apps are pretty harmless at first sight – they are spread across categories like video players, ringtone makers, file manager, etc. However, in reality, they are using Android devices to generate traffic for large-scale distributed denial of service (DDoS) attacks. The overwhelming traffic disrupts the targeted network or machine by overloading it.
“We identified approximately 300 apps associated with the issue, blocked them from the Play Store, and we’re in the process of removing them from all affected devices,” a Google spokesperson said in a statement. “The researchers’ findings, combined with our own analysis, have enabled us to better protect Android users, everywhere.”
The botnet dubbed as WireX compromises Android devices using malware loaded applications to generate traffic of DDoS attacks. The WireX botnet came to the limelight on 2nd August when Akamai, a popular content delivery network and cloud services provider, observed some hacked Android devices launching small online cyber attacks.
However, in less than two weeks, the numbers burgeoned to create a ruckus on the internet. The number of infected Android devices can be as many as 70,000. People behind WireX are reportedly threatening to bring down the networks of the big guns in the hospitality industry.
After noticing the threat, Akamai brought in researchers from different tech companies including CloudFlare, Flashpoint, Google, Oracle Dyn, RiskIQ, and Team Cymru onto a platform in a bid to eliminate WireX.
“Once the larger collaborative effort began, the investigation began to unfold rapidly starting with the investigation of historic log information, which revealed a connection between the attacking IPs and something malicious, possibly running on top of the Android operating system,” the researches revealed in a blog post.
Given how popular Android is across the world, the WireX botnet could have posed a legitimately serious threat given its modus operandi. With the botnet being masked in simple, seemingly harmless apps, it becomes quite difficult to spot it. In a bid to further bolster security on Android devices, Google had recently rolled out Play Protect.