Google removes 300 malicious botnet apps from Play Store

Botnets disguised as unassuming phone apps, ready to go off at a moment’s notice: it sounds like a plot taken from a movie script. Except it was real, and involved Google and some 300 malicious apps.

WireX, the botnet that connected the apps together, was built to hijack the phones the apps were installed on as part of the botnet’s distributed denial-of-service (DDoS) attack. On August 17, WireX began to attack several companies and networks with traffic requests from the infected devices.

The attack was discovered by Akamai, a content delivery network, when one of its clients fell victim to the botnet’s DDoS attack. From there, Google was alerted to an issue with potentially malicious apps. As it turned out, the Play Store had hundreds of fake apps that were posing as legitimate ones.

Apps ranged from storage managers to ringtones, most promising to analyze the phone’s network connection and “boost” its network speeds. Google removed many of the apps from the Play Store (https://blog.cloudflare.com/the-wirex-botnet/), but the process has now turned to disabling and removing the apps from infected phones. WireX was able to compromise over 70,000 devices across 100 countries.