Hackers Use Thousands Of Infected Android Devices In DDoS Attacks
Hundreds of thousands of home routers, IP cameras and other internet-of-things devices have been infected with malware over the past year and have been used to launch some of the largest distributed denial-of-service (DDoS) attacks ever recorded. Attackers are now doing the same with Android devices, with the help of malicious applications hosted on Google Play and third-party app stores.
A joint investigation by the security teams from Akamai, Cloudflare, Flashpoint, Google, RiskIQ and Team Cymru has led to the discovery of a large botnet made up of over 100,000 Android devices located in more than 100 countries. The investigation was launched in response to large DDoS attacks that have hit several content providers and content delivery networks over the past few weeks.
The goal behind DDoS attacks is to flood servers with bogus traffic in order to use up their available internet bandwidth or their CPU and RAM resources so they can no longer serve requests from legitimate users. Servers are typically configured to handle a certain number of concurrent connections based on the estimated number of visitors that they're expected to receive. Load balancers, firewalls and other anti-DDoS technologies are used to limit the negative impact of any sudden traffic spikes, but with enough firepower, attackers can disrupt even the most well-protected networks.
This particular Android botnet, which has been dubbed WireX, was used to send tens of thousands of HTTP requests that were meant to resemble those coming from legitimate browsers. The researchers were able to establish a pattern in the User-Agent strings reported by the rogue clients and traced them back to malicious Android applications. Some of the applications were available in third-party app stores that came pre-installed on devices, but around 300 of them were hosted on Google Play.
"Many of the identified applications fell into the categories of media/video players, ringtones or tools such as storage managers and app stores with additional hidden features that were not readily apparent to the end users that were infected," the researchers said in a report.
Google has removed the malicious applications from Google Play and started to remotely remove them from affected devices as well. Furthermore, the Play Protect feature, which runs locally on Android devices, prevents these apps from being reinstalled, the researchers said.
Source: Forbes.com










