Infected Google Play Store Apps Create Potential DDoS Botnet

This week the news broke that 300 apps from the Google Play Store were infected with malware that would allow Android phones to be recruited into a botnet. It is well known that hackers can enslave IoT-connected devices into a botnet. Such botnets could conceivably be used to launch a distributed denial of service (DDoS) attack.

According to Mashable, the latest online threat is called “WireX” and it targeted Android phones. Google responded quickly by identifying and removing the compromised apps, but conservative estimates put the number of infected Android systems at 70,000. Considering that there are millions of other IoT devices that are not secure, it’s easy to understand why this is bad news for IT security professionals. There is an abundance of vulnerable devices for hackers to leverage into DDoS attacks, and it doesn’t take many bots to launch a low-level or even average DDoS attack (the infamous DDoS attack on Dyn involved 100,000 bots).

IoT and App Security Concerns

It is widely known that IoT devices can easily be recruited into botnets if the end-users do not change the default passwords. It’s also not surprising that hackers found a new conduit for their hijinks; it’s difficult to stay one step ahead of hacker strategies. What is slightly surprising is that the Google Play apps were not secure. This is a new responsibility for end-users; they should protect their devices by installing security patches and changing the default password (which many end-users fail to do). With this new hacking development, consumers can no longer trust that an app they downloaded is safe. IT security experts are concerned that copycat hackers will try to infect other Android apps with malware.

Botnet and DDoS Security Takeaways

There are four key takeaways from this story:

  1. Hackers continue to be creative in their methods of creating botnets.
  2. Even supposedly secure phones and apps can be vulnerable to being enslaved into botnets.
  3. With so many IoT-connected devices that have been recruited into botnets, DDoS attacks are not going away anytime soon.
  4. DDoS attacks are increasing in frequency and sophistication, so organizations of all types should make DDoS protection a fundamental part of their cybersecurity practices.

Corero is the leader in real-time DDoS defense. If you need expert advice, contact us.