Last week, Google announced the removal of around 300 Android apps found with malware that secretly hijacks your phone to participate in massive distributed denial of service (DDoS) attacks. The takedown was a result of collaborative investigation by several security and technology companies who discovered the WireX Android botnet and the nefarious Android mobile apps responsible.
In a written statement, Google said: “We identified approximately 300 apps associated with the issue, blocked them from the Play Store, and we’re in the process of removing them from all affected devices. The researchers’ findings, combined with our own analysis, have enabled us to better protect Android users, everywhere.”
Disguised as apps offering ringtones, video players and file managers, these malicious Android mobile apps enlist your mobile device in a slave army of bots to bombard targeted sites with junk traffic to the extent that they can no longer serve legitimate visitors. Official press releases put the number of infected Android mobile devices at 70,000, although pundits suggest that the numbers are likely to be much higher.
Such Android botnets are not new
A year ago, Imperva first spotted a DDoS attack from an Android botnet through their Incapsula service. Imperva Incapsula is a cloud-based application delivery service that increases website performance and protects websites from attack.
Mobile devices connected to the Android botnet tried to bypass the Incapsula protection services by mimicking the signature of a common user and browser. A larger second attack followed using the signature of Google’s crawler and leaving an Android application footprint. This was a much larger assault with an average of 400 requests per second from more than 27,000 devices distributed around the world.
Imperva’s investigation pointed to an Android mobile app offered outside the Google store, promising thousands of jigsaw puzzles. Users that installed the malicious app were unknowing enrolled into an Android botnet, which can be used for DDoS and ransomware attacks.
Android botnets a growing problem
One thing’s for sure, with Android mobile devices commanding 84.8% of market share of smartphone sales, we may just be witnessing the beginning of a growing problem.
Asked about the future trend and growth of such Android botnets, Robert Hamilton, Director of Product Marketing for the Incapsula service at Imperva, said:
“In May, Google announced that there are more than 2 billion monthly active Android devices. This is a ginormous pool of potential botnet recruits. And while Google will take steps to reduce the ability to proliferate malware through Android apps, some malware may still get through to apps on the Google Play Store as well as apps distributed outside of the store. It’s really the law of large numbers—and they’re getting bigger all the time. Today, you only need to infect one out of every 100,000 Android devices to build a botnet of 20,000 that could wreak havoc. Based on numbers alone, I’d say you can expect to see more of this mobile botnet activity in the years ahead.”
Don’t join the Android botnet slave army
While many companies have been or fear being on the receiving end of large-scale DDoS attacks, these same companies must also be keenly aware that their staff may be unwitting participants in such attacks. This is a concern, especially if these employees are using corporate-issued mobile devices and using the company’s Wi-Fi network for internet access.
“And, while the current WireX variant is neutralized, we don’t know what’s lurking out there, so it’s important for mobile phone users to play it safe”, Hamilton said.
Imperva offers the following advice to avoid becoming a part of an Android botnet:
- If you don’t really know what you’re doing, never install any Android application which you did not download from the Google Play store.
- Even when downloading applications from the Google Play store, stick with popular and verified applications.
- Read the permissions the application requires. If it seems like it’s too much, don’t install.
- Don’t let your kids mess with your mobile device – instead buy them a cheap tablet that doesn’t connect anywhere.”
In today’s cyber threat environment, all it takes is a little more diligence and a healthy dose of scepticism to secure your mobile devices and avoid joining the Android botnet slave army.
