Google recently deleted around 300 apps from the official Play Store which were used to create what is being called one of the first Android botnets. Known by the name WireX, it included around 120,000 IP addresses across 100 different countries.
The first hints of WireX existing in the wild date back to August 2, 2017, but it drew significant attention after the attacks that happened on August 17.
According to a report published by the researchers, the apps were available in the form of storage managers, audio/video players, etc. The apps were tasked to make the Android device a part of the WireX. The user was unsuspicious about the apps’ activities, as they could work in the background and use system’s resources.
WireX could send to HTTP junk traffic, with a rate up to 20,000 requests per second, to the target website. Although it’s not something big in magnitude, at least, it could force a search engine to run its CPU horses for nothing.
The mushrooming botnet was put to an end by seven companies including Google, CloudFlare, Akamai, Flashpoint, Dyn, RiskIQ, and Team Cymru.
“We believe we identified this botnet and took action while it was still in the early stages of growing,” CloudFlare’s Justin Paine told Ars Technica. That’s one of the main reasons the botnet could be taken down without much difficulty and before the hacker could increase the size of the botnet.
You can protect your device from such malicious apps by enabling the Play Protect feature rolled out by Google recently. The researchers found that the feature was showing warnings for the apps they tested.
“Notably, it is no longer possible to install this application as Google’s PlayProtect feature now blocks this app from being installed. Google is also removing it from devices that already have it installed,” the researchers write in their report.
You can read the detailed report using this link.