Google pulled around 300 malicious apps from its Play Store this week after learning the apps carried code to hijack Android phones and enlist them in the WireX DDoS botnet. Most of the affected apps were media/video players, ringtones, and storage managers. So if you suddenly see a random blank space on your home screen where an app icon used to be, it’s likely for the best.
“We identified approximately 300 apps associated with the issue, blocked them from the Play Store, and we’re in the process of removing them from all affected devices,” Google said in a written statement. “The researchers’ findings, combined with our own analysis, have enabled us to better protect Android users, everywhere.”
Most of the time, the malicious apps did in fact perform their intended function, giving Android users a false sense of legitimacy. But unbeknownst to the phone’s owner, the apps also ran code in the background that turned the phone into a member of WireX’s botnet army as it carried out global DDoS attacks. In a few cases, the malware also acted like ransomware.
Companies were alerted to the danger when WireX mounted a massive DDoS attack on August 17th. But evidence suggests the malware may have started carrying out smaller attacks beginning August 2nd.
In a remarkable show of teamwork, researchers from several software and security firms including Akamai, Cloudflare, Flashpoint, Google, Oracle Dyn, RiskIQ, and Team Cymru all came together to identify and ultimately dismantle the malware.
In their press release, the companies estimate the 300 infected apps were installed on over 70,000 devices across 100 countries. But according to Krebs on Security, this figure is likely very conservative and could reach between 130,000 and 160,000. Google is currently identifying the affected devices and deleting the apps.
Overall, the group of companies that took WireX down stressed the importance of collaboration across tech firms – even between competitors – to take down the next generation of malware. Experts say the open culture of collaboration and data sharing was pivotal to their successful counter-offensive. It will be important that they continue this open culture in order to take on the increasingly complex malware attacks to come.