
Google Deletes 300 Apps From Play Store For Hijacking Devices In DDoS Attacks



Massive DDoS attacks on websites and company networks are mostly associated with IoT devices, which give hackers an easy-to-source inventory for building gigantic botnets. Recently, however, a far more common class of devices, those running Android, has become an apparently soft target.








Google has removed roughly 300 apps from its Play Store after security researchers from several internet infrastructure companies discovered that the seemingly harmless apps—offering video players and ringtones, among other features—were secretly hijacking Android devices to provide traffic for large-scale distributed denial of service (DDoS) attacks.


The first hints of WireX, as the botnet is known, existing in the wild date back to August 2, 2017, but it drew significant attention after the attacks that happened on August 17.

According to a report published by the researchers, the apps were offered as storage managers, audio/video players, and the like. Their real task was to make the Android device part of the WireX botnet. Users had no reason to be suspicious of the apps' activity, because the apps could run in the background while using the system's resources.





WireX could send junk HTTP traffic to the target website at a rate of up to 20,000 requests per second. Although that is not something big in magnitude, it could at least force a search engine to burn CPU cycles for nothing.

Image: Estimated growth of the botnet, based on the count of unique IPs per hour observed participating in attacks.

The mushrooming botnet was put to an end by seven companies including Google, Cloudflare, Akamai, Flashpoint, Dyn, RiskIQ, and Team Cymru.

After noticing the attack on one of its customers, Akamai brought in researchers from a handful of tech companies including Cloudflare, Flashpoint, Google, Oracle Dyn, RiskIQ, and Team Cymru. The group believes that the infected devices are spread throughout 100 countries.

“We believe we identified this botnet and took action while it was still in the early stages of growing,” Cloudflare’s Justin Paine told Ars Technica. That is one of the main reasons the botnet could be taken down without much difficulty, before the hacker could increase its size.

You can protect your device from such malicious apps by enabling the Play Protect feature rolled out by Google recently. The researchers found that the feature was showing warnings for the apps they tested.






“Notably, it is no longer possible to install this application as Google’s PlayProtect feature now blocks this app from being installed. Google is also removing it from devices that already have it installed,” the researchers write in their report.

You can read the detailed report using this link.