Not all is going well for Google Play these days. Just a few days after the reveal about 500 Android apps with over 100 million combined downloads containing malware, we have hundreds of more apps being used a botnet for DDoS attacks.
According to Krebs on Security, a joint effort from half a dozen tech companies recently dismantled ‘WireX’ – an Android botnet – composing of tens of thousands of hacked Android devices. WireX was used to launch a series of massive cyber attacks this month.
The botnet was first identified earlier this month and after tracking the malware, the researchers discovered over 300 applications in Play Store that were associated with the malware.
“We identified approximately 300 apps associated with the issue, blocked them from the Play Store, and we’re in the process of removing them from all affected devices,” Google said in a statement.
Google’s Play Protect has also been updated with information about this botnet and it will now stop you if you are trying to install an infected application.
These malicious apps were masquerading as basic applications, which performed the normal tasks they claimed to offer, but would quietly launch a small program in the background. This program would connect to its creators through an internet server and wait for commands for an attack.
It is unclear exactly how many Android devices were infected with this malware, but a conservative estimate suggests around 70,000 devices were part of this botnet.