A group of technology and security companies joined forces despite being competitors to take down WireX, a new cybercrime machine that was made up of tens of thousands of Android mobile devices that were hacked by DDoS (denial-of-service) attacks.
According to a news report in KrebsonSecurity, the Android mobile phones were used during August to launch a slew of big cyberattacks. WireX, noted the report, ushers in a new wave of cybercrime tools that are harder to defend and require more collaboration from the industry to combat.
WireX first emerged on Aug. 2 of this year when a small number of Android devices were completing small cyberattacks. Under two weeks, the number of enslaved devices reached into the tens of thousands, noted the report. The botnet was able to bring down big websites in the hospitality market with the victims getting hit with so much fake traffic that it couldn’t help legitimate visitors to their websites. Security professionals tracking the attack quickly pinpointed the WireX malware, which was made up of about 300 different mobile apps in the Google Play Store, running the gambit from video players to ringtones. The apps did their basic functions, with the report speculating that may have been to avoid raising suspicions, but along with the app was a program that infected the device and made it connect to an internet server used by the creator of the malware.
“We identified approximately 300 apps associated with the issue, blocked them from the [Google] Play Store, and we’re in the process of removing them from all affected devices,” Google said in a written statement, according to the report.
“The researchers’ findings, combined with our own analysis, have enabled us to better protect Android users, everywhere.” Chad Seaman, a senior engineer at Akamai, a company which helps firms afflicted by DDoS attacks, told KrebsOnSecurity. The 70,000 Android systems infected, which the tech companies all used as their figure in press releases, is conservative. “Seventy thousand was a safe bet because this botnet makes it so that if you’re driving down the highway and your phone is busy attacking some website, there’s a chance your device could show up in the attack logs with three or four or even five different internet addresses,” Seaman said. “We saw attacks coming from infected devices in over 100 countries. It was coming from everywhere.”