Google has removed more than 300 apps from the Play Store after it was revealed that they were hijacking Android devices to perform secret distributed denial of service (DDoS) attacks. Security researches who discovered the seemingly innocuous apps say that around 70,000 devices may have been infected.
The apps claimed to provide a variety of seemingly legitimate services, such as video players and ringtones. However, buried inside them was a botnet nicknamed WireX, which was used to quietly send DDoS attacks that users had no knowledge of. It was discovered when a client for content delivery network Akamai was suddenly hit with traffic from thousands of IP addresses.
Akamai enlisted the help of researchers from a handful of big tech companies, including Google, Cloudflare, and Flashpoint, to identify the cause of the attack. They found that around 70,000 devices throughout 100 countries had been infected.
“We identified approximately 300 apps associated with the issue, blocked them from the Play Store, and we’re in the process of removing them from all affected devices,” a Google spokesperson said in a statement. “The researchers’ findings, combined with our own analysis, have enabled us to better protect Android users, everywhere.”
In one instance, the DDoS attack was accompanied by a ransom email that demanded money for the attack to be stopped. Researchers are calling for companies affected by issues like this to share as much information as possible with those who have the ability to eliminate them.
“The best thing that organizations can do when under a DDoS attack is to share detailed metrics related to the attack. With this information, those of us who are empowered to dismantle these schemes can learn much more about them than would otherwise be possible,” reads a blog post from Cloudflare.
This is just another example of Android apps being used to distribute malicious software that goes undetected for large periods of time. Google has already pulled several apps from the Play Store this month that were found to contain hidden surveillance software, while researchers have also discovered banking malware.
Google has stepped up Android security in recent years, and now has malicious software checks baked into its operating system. However, many dangerous apps continue to slip through its net, and in most cases, users have no idea their device has been infected by them.