WireX DDoS Botnet enslaving Android Device using Infected Apps
Google recently deleted around 300 apps from the official Play Store which were used to create what is being called one of the first Android botnets. Known by the name WireX, it included around 120,000 IP addresses across 100 different countries.
The first hints of WireX existing in the wild date back to August 2, 2017, but it drew significant attention after the attacks that happened on August 17.
According to a report published by the researchers, the apps were available in the form of storage managers, audio/video players, etc. The apps were tasked to make the Android device a part of the WireX. The user was unsuspicious about the apps’ activities, as they could work in the background and use system’s resources.
WireX could send to HTTP junk traffic, with a rate up to 20,000 requests per second, to the target website. Although it’s not something big in magnitude, at least, it could force a search engine to run its CPU horses for nothing
The mushrooming botnet was put to an end by seven companies including Google, CloudFlare, Akamai, Flashpoint, Dyn, RiskIQ, and Team Cymru.
You can protect your device from such malicious apps by enabling the Play Protect feature rolled out by Google recently. The researchers found that the feature was showing warnings for the apps they tested.