Google removes 300 Android apps that secretly hijacked phones for DDoS attacks

Photo by Amelia Holowaty Krales / The Verge

Around 300 apps have been withdrawn from Google’s Play Store after they were found to be secretly hijacking Android devices to supply traffic for wide-scale distributed denial of service (DDoS) attacks, as noted by Gizmodo. Google removed apps that offered services like ringtones and storage managers after security researchers uncovered the “WireX” botnet was behind the ploy. Malware was hidden inside the affected apps, and as long as the device remained switched on it was used in DDoS attacks.

Researchers at cloud services provider Akamai discovered WireX after a hospitality company suffered from a DDoS attack involving hundreds of thousands of IP addresses. DDoS attacks work by overwhelming a target with large amounts of data from multiple IP addresses, and they’re effective at taking down websites and services that can’t cope with a data influx. Google said in a statement it’s currently in the process of removing the malicious apps from affected devices, and some researchers say up to 70,000 devices in 100 countries could be compromised. Some of the WireX attacks also asked for ransom fees.

Researchers from Akami, Cloudflare, Flashpoint, Google, Team Cymru, and others are working together to combat the botnet, which came to their attention on August 17. “Once the larger collaborative effort began, the investigation began to unfold rapidly starting with the investigation of historic log information, which revealed a connection between the attacking IPs and something malicious, possibly running on top of the Android operating system,” the researchers wrote in a joint blog post.

The researchers say organizations should share detailed metrics about DDoS attacks, in an effort to combat and learn more about them. Google is using machine learning to fight problem apps, and in May published a report showing some of its aggressive moves against malicious apps like better patching schedules is starting to pay off.


These sorts of things are so hard to prevent when you get to the scale that Android has. With 2 billion active devices out there, this affected something like 0.003% of them. I’m not so worried about my device (I tend to not download garbage ringtone apps and I have the latest monthly security patch) but when an OS is on such a variety of devices it is surprising that we don’t see worse problems.

No offence, but that sounds like a major cop out to be completely honest.

that’s cause it is one.

Not really, it’s called logic. People like to hear BS like they’re protected from everything and that will never be true. Google will make changes and it’ll still happen. The question is on what scale. 0.003% seems pretty good to me.

It is a bit and I hope it gets better but that is just what happens when you have platforms these large. I think you might be alluding to certain platforms with the misguided belief that they don’t have similar issues. They do. Though no one quite has the scale of Android. Not the diversity. Two things that should be celebrated.

So why does Google allow these malicious apps on their store anyways? Shouldn’t they do a better job of checking app submissions? Or is it all automated?

Off topic: I read that Mac developers hate the Mac App Store because it forces them to play by Apple’s rules, but I doubt any of them complain about doing so on the iOS App Store or Google Play.

Of course people complain about the iOS store. And of course the process is automated.

So if developers really hate sharing 30% revenue with Apple, Google, Microsoft, then why do they make apps for their app stores at all? I get that on iOS you’re locked to the App Store, but on Android and Windows you can download software from outside their app stores. Shouldn’t developers be avoiding Google Play so they can sell apps themselves and keep all the revenue earned?

The same reason people sell on Amazon even though Amazon takes a cut. They hate the fees, but they love the potential exposure much more.

I don’t understand the strategy here. Why does Google allow these malicious apps to be approved in the first place? Shouldn’t Google do a better job with the approval system before allowing such apps?

And what happened to Google’s ‘Bouncer’ service which was built to tighten Play Store’s security?

This was 5 years ago!

View All Comments
Back to top ↑