Google pulls 300 Play Store apps infected with WireX botnet malware
Google has pulled around 300 apps from the Google Play Store after it was alerted that each carried the WireX botnet malware. Although the malware does not appear to have posed a particular threat to the 70,000 smartphone owners affected, it took advantage of features in the Android service architecture that allowed it to use system resources to carry out distributed denial of service (DDoS) attacks. Once activated, the malware also worked in the background, so a device could take part in an attack even when the app was not in use.
Researchers from Akamai, Cloudflare, Flashpoint, Google and Team Cymru, among others, cooperated to identify and ultimately defeat the botnet in its current form. The botnet first became active on August 2, and its activity escalated into a major DDoS attack on August 17 against a hospitality company website. Up to 70,000 IP addresses targeted the website simultaneously with large amounts of data, aiming to exceed the bandwidth of the site so that it would crash. The attacks were launched from over 100 countries, suggesting that the malware-affected apps were widely available.
Following the removal of the apps, Google issued a formal statement:
We identified approximately 300 apps associated with the issue, blocked them from the Play Store, and we’re in the process of removing them from all affected devices. The researchers' findings, combined with our own analysis, have enabled us to better protect Android users, everywhere.