Akamai, the content delivery network (CDN) provider, has identified Android malware that shows signs of being used for DDoS attacks. Called WireX, the botnet malware has become so prominent that Google identified its presence in the Play Store and ultimately blocked over 300 listed Android apps.
Researchers from Akamai, CloudFlare, Flashpoint, Google, Oracle Dyn and RiskIQ have found that the malware has affected apps in various categories, such as video players, resource managers and ringtone tools, among others. The research team believes that more than 100,000 devices have been compromised by the malware. The report published by Akamai also suggests that over 70,000 unique IPs were used for attacks.
“The first available indicators of the WireX botnet appeared on August 2 as minor attacks that went unnoticed at the time. It was not discovered until researchers began searching for the 26-character User-Agent string in logs,” the Akamai report states.
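The log search mentioned in the report can be sketched as follows; this is an added example, not code from Akamai or from the original article. It scans access logs for User-Agent values that are exactly 26 characters long and groups the client IPs seen with each one. The combined log format, the restriction to lowercase letters and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [17/Aug/2017:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "qwertyuiopasdfghjklzxcvbnm"
198.51.100.8 - - [17/Aug/2017:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "qwertyuiopasdfghjklzxcvbnm"
203.0.113.20 - - [17/Aug/2017:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "mnbvcxzlkjhgfdsapoiuytrewq"
192.0.2.44 - - [17/Aug/2017:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.45 - - [17/Aug/2017:10:00:04 +0000] "GET /feed HTTP/1.1" 200 90 "-" "curl/7.55.1"
"""

# Client IP is the first field; the User-Agent is the last quoted field.
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"\s*$'
)

# The report only says the string is 26 characters long. Limiting the match
# to lowercase letters is an assumption made here to cut false positives.
SUSPECT_UA = re.compile(r"[a-z]{26}")


def suspicious_agents(log_text, min_ips=1):
    """Return {user_agent: sorted client IPs} for 26-character agents.

    min_ips drops agents seen from fewer distinct addresses, since a
    botnet shows up as one odd agent arriving from many sources.
    """
    ips_by_ua = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that are not in combined format
        ip, user_agent = match.groups()
        if SUSPECT_UA.fullmatch(user_agent):
            ips_by_ua[user_agent].add(ip)
    return {
        ua: sorted(ips) for ua, ips in ips_by_ua.items() if len(ips) >= min_ips
    }


if __name__ == "__main__":
    for ua, ips in suspicious_agents(SAMPLE_LOG).items():
        print(f"{ua}: {len(ips)} distinct IPs -> {', '.join(ips)}")
```

Raising `min_ips` on real logs separates a single misconfigured client from an agent string shared across many source addresses.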
Attacks triggered with ransom notes
Such attacks occur when multiple systems flood the bandwidth or resources of a targeted system, such as one or more web servers. The botnet is often coupled with ransom notes to target users. Moreover, cybercriminals are targeting users of specific kinds of apps to reach the relevant audience.
Google was alerted about the malware following its discovery last month. The search engine giant promptly removed the affected apps. It also sent real-time notifications to users of infected devices, telling them to remove the malicious apps.