Google has pulled roughly 300 apps from the Play Store because they were secretly engaging devices in distributed denial of service (DDoS) attacks. Serious attacks from a WireX botnet hit a number of content providers and Content Delivery Networks (CDNs) on August 17, with the botnet tapping Android devices infected with malware in order to drive DDoS traffic. DDoS attacks work by flooding the target with data from various IP addresses, often hijacking devices to have them secretly help in the attack. The targets are then overwhelmed by the huge amounts of data and go offline. Multiple websites and services have been taken down by DDoS attacks so far and the trend seems to be continuing.
Google was informed last week that malware designed to employ devices in DDoS attacks plagued the Play Store. Upon a closer look, the company removed around 300 malicious apps that contained the WireX botnet. Such apps offered storage management solutions, video players, or ringtones and seemed harmless, with no telltale signs that they would infect the device with malware and use it in DDoS attacks. The device owners did not know their smartphones and tablets were being used to drive DDoS traffic, as the hidden malware worked discreetly for as long as the device was turned on. The botnet has apparently been active since August 2, but it mainly went unnoticed until the August 17 attacks. Had the attacks not affected one of Akamai’s clients, the WireX botnet might have remained under the radar for even longer.
Various organizations joined forces to fight this botnet, bringing together researchers from Google, Cloudflare, Akamai, Oracle Dyn, Flashpoint, Team Cymru, RiskIQ, and more. In order to effectively combat DDoS attacks and malicious botnets, researchers are urging organizations to share more detailed information about the attacks they faced. Google says it identified the malicious apps and removed them from the Play Store, and is now working on removing them from devices as well. The company highlights that its analysis, along with the researchers’ findings, should allow it to better protect Android devices against such threats. It remains unclear just how many devices were infected, but the number could be around 70,000 across as many as 100 markets.