In the past three months, we have seen plenty of distributed denial of service (DDoS) attacks that have affected both corporations and individuals. Internet giant Google has been involved in keeping such threats in check, and this time it has removed roughly 300 malicious apps from the Google Play store that could take control of Android devices to participate in large-scale DDoS attacks.
Researchers at Akamai have pointed out in a blog post that a botnet named WireX hit multiple content delivery networks (CDNs) and other content providers on August 17. The botnet comprised Android devices running malicious apps designed to generate DDoS traffic. Akamai has joined hands with major companies such as Google, Cloudflare, Flashpoint, Oracle Dyn, RiskIQ, and Team Cymru, among others, to stop this threat from spreading further.
In its blog, Akamai describes the WireX botnet as "a volumetric DDoS attack at the application layer. The traffic generated by the attack nodes is primarily HTTP GET requests, though some variants appear to be capable of issuing POST requests." It notes further that the infected apps, including storage managers, media/video players, ringtones, and other tools, had "additional hidden features" that activated at launch. These features then made the Android device participate in a larger DDoS attack for as long as the device was powered on. The number of exploited Android devices is not yet clear, but the researchers told a Krebs On Security reporter that it is around 7,000.
"We identified approximately 300 apps associated with the issue, blocked them from the Play Store, and we're in the process of removing them from all affected devices. The researchers' findings, combined with our own analysis, have enabled us to better protect Android users, everywhere," says Google in a response to Akamai's research, where it also mentioned that it is removing up to 300 apps from the Play store. The apps were found when the researchers investigating the matter traced some nodes from an attack that happened on August 17 back to an unusual APK file with a jumbled filename, 'twdlphqg_v1.3.5_apkpure.com.apk'. The researchers then suspected that there could be more copies, duplicates, and instances of these apps directly related to the DDoS attack.
With this new alliance against DDoS attacks, which are slowly spreading through the Android ecosystem, the companies have also agreed to share metrics and data about the attacks. Google is also employing its machine learning capabilities to ensure better security for the Android platform, along with the ecosystems belonging to its allies.