Hundreds Of Android Apps Pulled From Google Play Store After Researchers Discover Botnet


Google pulled roughly 300 malicious apps from the Google Play Store this week, after a team of researchers from several internet companies discovered that the apps were quietly conscripting infected phones into a massive international botnet spanning more than 100 countries.

The problem

The issue is a botnet called WireX.

Several different internet companies — Akamai, Cloudflare, Flashpoint, Google, Oracle Dyn, RiskIQ, Team Cymru, and others — worked together to identify WireX after it first appeared on Aug. 17.

Researchers from all these organizations were able to identify that WireX was being powered by roughly 300 different, seemingly innocuous Android apps: video players, storage management tools, or ringtone apps, for example.

After the researchers worked out the scope and details of the attack, they notified Google of their findings, and roughly 300 apps were pulled from the Google Play Store. Several of the organizations jointly published a blog post explaining the technical details of their findings.

A whatnet?

A computer is powerful; loads of computers working together are enormously powerful. That’s the general principle behind a botnet: Hackers put some kind of malicious code on as many systems as possible, then use them all to do something.

Increasingly, that “something” is to launch a Distributed Denial of Service attack, or DDoS, against some target. In a DDoS attack, the hijacked devices pound a server with such a ludicrous number of access requests that it can’t keep up, and either crashes or, at the very least, is unable to serve legitimate traffic.

For example, a DDoS attack against the DNS provider Dyn in 2016 left millions of users unable to reach major platforms like Reddit, Spotify, and Twitter for several hours.

Anything that can connect to the internet can be taken over and turned into part of a botnet. That 2016 attack was perpetrated in part by hackable webcams and DVRs made by a Chinese firm. Millions of other devices worldwide also get pulled into botnets regularly, in part because a huge percentage of the “things” in the internet of things ship with default credentials and no practical way to receive security updates.

Phones aren’t usually included

Desktop and laptop computers have been vulnerable to being swept up in botnets since roughly the dawn of the internet, and it’s common to see processing power and bandwidth borrowed from any available IoT device. But despite mobile phones’ overwhelming pervasiveness in the modern world, they have not commonly been a part of botnet-driven DDoS attacks.

It is, unfortunately, fairly common for nasty things to be hiding in Android software; for example, more than 500 apps were recently found to contain a significant vulnerability that let third parties access users’ data.

Android is more vulnerable to attack than iOS largely because of its decentralized nature. No matter what carrier you use an iPhone on, Apple solely controls the operating system and updates to it. But Android phones are made by dozens of manufacturers and run on dozens of different wireless carriers — and the device-makers and wireless carriers, not Google, are primarily responsible for keeping those hundreds of millions of phones up to date.