The apps were published in the Google Play Store

Aug 30, 2017 08:39 GMT

Security researchers have uncovered new malware that infects Android devices and enlists them in the WireX botnet to launch DDoS attacks against a series of targets.

Content delivery network provider Akamai came across the malware while investigating an attack launched against a client in mid-August. The investigation revealed that the first signs of DDoS attacks based on the Android malware infection were spotted on August 2.

The infection was still in its early stages at that point, however, and the malware became more prominent only as the number of targets increased and more devices were compromised.

The malware used to infect Android devices was injected into various apps from popular categories, including video players, ringtone tools, and resource managers, which are particularly sought after on Android. Once infected, a device is used to generate traffic and contribute to a larger-scale DDoS attack as part of the WireX botnet.

Apps already removed from the Play Store

The research revealed that approximately 70,000 unique IPs were used for the attacks, and experts believe that nearly 100,000 devices were compromised.

The malware compromises the device in the traditional way: it queries a command-and-control server and waits for attack commands.

“The applications that housed these attack functions, while malicious, appeared to be benign to the users who had installed them. These applications also took advantage of features of the Android service architecture allowing applications to use system resources, even while in the background, and are thus able to launch attacks when the application is not in use,” the research states.

It appears that a number of Android antivirus solutions already detect the malware, but they flag it as an Android Clicker trojan. The researchers explain there’s a chance the original code was developed for click fraud and then repurposed for DDoS attacks.

Google has already removed the infected apps from the Play Store, but the challenge right now is to remove the malware from the nearly 100,000 devices that are believed to be infected.