Hackers Use Thousands Of Infected Android Devices In DDoS Attacks

Hundreds of thousands of home routers, IP cameras and other internet-of-things devices have been infected with malware over the past year and have been used to launch some of the largest distributed denial-of-service (DDoS) attacks ever recorded. Attackers are now doing the same with Android devices, with the help of malicious applications hosted on Google Play and other third-party app stores.
A joint investigation by the security teams from Akamai, Cloudflare, Flashpoint, Google, RiskIQ and Team Cymru has led to the discovery of a large botnet made up of over 100,000 Android devices located in more than 100 countries. The investigation was launched in response to large DDoS attacks that have hit several content providers and content delivery networks over the past few weeks.
The goal behind DDoS attacks is to flood servers with bogus traffic in order to use up their available internet bandwidth or their CPU and RAM resources so they can no longer serve requests from legitimate users. Servers are typically configured to handle a certain number of concurrent connections based on the estimated number of visitors that they're expected to receive. Load balancers, firewalls and other anti-DDoS technologies are used to limit the negative impact of any sudden traffic spikes, but with enough firepower, attackers can disrupt even the most well-protected networks.
This particular Android botnet, which has been dubbed WireX, was used to send tens of thousands of HTTP requests that were meant to resemble those coming from legitimate browsers. The researchers were able to establish a pattern to the User-Agent string reported by the rogue clients and traced them back to malicious Android applications. Some of the applications were available in third-party app stores that came pre-installed on devices, but around 300 of them were hosted on Google Play.
"Many of the identified applications fell into the categories of media/video players, ringtones or tools such as storage managers and app stores with additional hidden features that were not readily apparent to the end users that were infected," the researchers said in a report.
Google has removed the malicious applications from Google Play and started to remotely remove them from affected devices as well. Furthermore, the Play Protect feature which runs locally on Android devices prevents these apps from being reinstalled, the researchers said.
Source: Forbes.com

UK Trial: Evidence Points to Russian Coordination in Bulgarian Spy Cell Activities
In the ongoing trial at the Central Criminal Court in London, the prosecutor, Alison Morgan, emphasized that the Bulgarians accused of spying for Russia

Another Stabbing in Sofia
A man was arrested after stabbing another driver following a traffic accident in Sofia

Bulgarian Man Sentenced to Life in UK for Rape
A Bulgarian man, 39-year-old Mariyan Grudev, has been sentenced to life in prison in England for rape and attempted rape

'I Would Do the Same Thing Again:' Woman Who Stabbed Three in Sofia to be Placed in Psychiatric Hospital
The Sofia City Court has ordered a 22-year-old woman, who stabbed three passers-by in the capital, to be placed in the psychiatric clinic at Lovech prison for a 30-day examination

Sofia Knife Attack: Investigation Ongoing, One Victim in Serious Condition
Pre-trial proceedings have been launched for attempted murder following a knife attack in Sofia that left three men injured

Bulgaria: Mother Who Killed Her Two Children in Vakarel Faces Psychiatric Evaluation
The Sofia District Prosecutor's Office is seeking a court order to detain Ksenia Plachkova and place her in a psychiatric facility for evaluation