The Aliju Security editor has repeatedly reported on malware appearing in official app markets, which makes people think twice before downloading apps.
A group of security firms recently discovered a new and widespread botnet made up of thousands of Android smartphones.
The botnet, known as WireX and detected by anti-virus products as “Android Clicker”, consists mainly of Android devices running one of hundreds of malicious apps downloaded from the Google Play Store. It is designed to carry out large-scale application-layer DDoS attacks.
Security researchers from various technology companies including Akamai, CloudFlare, Flashpoint, Google, Oracle Dyn, RiskIQ, and Team Cymru discovered a series of cyber attacks in early August and worked together to combat the botnet.
Android malware activity is quite common, and this newly discovered campaign is not very sophisticated. What is impressive is that multiple security companies, half of them competitors, kept the best interests of the Internet community as a whole in mind and were able to share data and fight the botnet together.
The WireX botnet was used to launch a small DDoS attack at the beginning of the month, but its activity has escalated since mid-month.
The WireX botnet infected more than 120,000 Android phones in early August. On August 17, researchers noted a massive DDoS attack launched by more than 70,000 infected phones from more than 100 countries.
If your site has been hit by a DDoS attack, search your logs for the following user-agent string to determine whether the WireX botnet was involved:
After further investigation, security researchers identified more than 300 malicious apps on the Google Play Store. The apps containing the WireX malware included media and video players, phone ringtones, storage management tools, and more.
Like other malware, WireX does not perform malicious behavior at first, in order to evade security detection on Google Play. Instead, it patiently waits for command and control (C2) instructions from multiple “axclick.store” subdomains.
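The C2 detail above gives defenders a concrete network indicator. The following is an added example, not code from the original article or from the researchers involved: it scans a DNS query log for lookups of “axclick.store” or any of its subdomains and lists the clients that made them. The log format, IP addresses, timestamps and subdomain labels are constructed assumptions.

```python
from collections import defaultdict

# C2 parent domain named in the article. The parent itself is also flagged,
# since any lookup under this zone is worth investigating.
C2_PARENT = "axclick.store"

# Constructed sample DNS query log (assumed format: time client_ip qname qtype).
SAMPLE_LOG = """\
2017-08-17T10:00:01Z 10.0.0.15 sub1.axclick.store. A
2017-08-17T10:00:02Z 10.0.0.22 www.example.com. A
2017-08-17T10:00:05Z 10.0.0.15 SUB2.AxClick.Store A
2017-08-17T10:00:07Z 10.0.0.31 notaxclick.store. A
2017-08-17T10:00:09Z 10.0.0.40 axclick.store.example.net. A
2017-08-17T10:00:11Z 10.0.0.52 axclick.store. TXT
malformed line
"""


def normalize(qname):
    """Lower-case a query name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()


def is_c2_name(qname, parent=C2_PARENT):
    """Match the parent or a subdomain on a label boundary, so look-alikes
    such as notaxclick.store or axclick.store.example.net do not match."""
    name = normalize(qname)
    return name == parent or name.endswith("." + parent)


def find_c2_clients(log_text):
    """Map each client IP to the sorted list of C2 names it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines instead of aborting the scan
        _ts, client, qname, _qtype = fields
        if is_c2_name(qname):
            hits[client].add(normalize(qname))
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for client, names in sorted(find_c2_clients(SAMPLE_LOG).items()):
        print(client, ", ".join(names))
```

Clients reported by this scan are candidates for an infected device behind that address and should be followed up on the handset itself.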
Google has identified and removed most of the WireX malware, which was downloaded by users in Russia, China and other Asian regions. But the WireX botnet is still active on a small scale.
—————————–
This article is compiled from The Hacker News.