It used to be that our smartphones were pretty safe from malware. However, according to Pew Research, 77 percent of Americans now own smartphones (up from 64 percent in 2015). With those kinds of numbers, it's hard for hackers, scammers and other cyber-malcontents to ignore such an enormous platform.
It seems that we are starting to regularly hear about games and apps from our supposedly safe app stores being infected with some form of malware or another. There was Torec last October and Xavier just a couple of months ago. Now, Google has removed 300 apps from the Play Store that were tied to the WireX botnet.
The WireX botnet is made up of mostly Android devices infected with malware that generates traffic for distributed denial of service (DDoS) attacks. The malware is embedded into seemingly innocuous applications like video players, ringtone makers or resource managers. According to researchers, the botnet sometimes demands a ransom from targets.
WireX made itself known when the content delivery network provider Akamai was investigating an attack against one of its clients on August 17. Collaborating with several other tech firms including Cloudflare, Flashpoint, Oracle Dyn, RiskIQ, Google and others, researchers studied the botnet to find a way to neutralize it.
Working with the cooperation of DDoS attack victims, they discovered that WireX had been around since at least August 2. At that time it is thought to have been in early development due to the infrequency and short duration of the attacks and therefore went unnoticed. They also found that in addition to the DDoS on Akamai’s client, several other attacks were carried out starting on August 15 and going for several days. Over 70,000 concurrent IP addresses were recorded, meaning at least that many devices have been infected with malware associated with WireX.
After studying victim logs, researchers were able to identify an infected app and dig into its binaries. Once they had pinpointed the malware's identifiers, they notified app stores that were carrying known infected content and told them what to look for.
Google’s abuse team looked into it and issued this statement:
“We identified approximately 300 apps associated with the issue, blocked them from the Play Store, and we're in the process of removing them from all affected devices. The researchers' findings, combined with our own analysis, have enabled us to better protect Android users, everywhere.”
The offending apps have already been removed from the Play Store but it will take longer to purge the apps from 70,000 infected devices in over 100 countries.