
DDoS attacks blamed on 70,000-strong Android botnet

Security researchers discover Mirai-style 'WireX' botnet

A vast botnet made up of 70,000 Android devices has been blamed by security researchers for a string of DDoS attacks conducted over the past few weeks.

Experts from cyber security organisations including RiskIQ, Flashpoint, Akamai, Cloudflare, Team Cymru, Oracle Dyn, Google and others joined forces to combat the botnet, dubbed WireX.

Similar to the Mirai attacks of last year, WireX used a network of malware-infected devices to flood targets with legitimate-looking HTTP requests, knocking them offline through the sheer volume of traffic.

Rather than IoT and networking devices, however, this attack was carried out using compromised Android phones. Researchers estimated that the botnet contained at least 70,000 devices in over 100 countries, although senior Akamai engineer Chad Seaman told security expert Brian Krebs that the figure could be much higher.

While researchers estimate that WireX could have been active from 2 August, the bulk of attacks did not start until 15 August, catching the attention of the security community a couple of days later on 17 August.

"These discoveries were only possible due to open collaboration between DDoS targets, DDoS mitigation companies, and intelligence firms," said a joint blog post published by Akamai, Flashpoint, Cloudflare and RiskIQ. "Every player had a different piece of the puzzle; without contributions from everyone, this botnet would have remained a mystery."

The researchers warned that keeping a DDoS attack quiet is almost impossible, and said victims should reach out for help rather than trying to pretend that everything is running smoothly.

"The best thing that organisations can do when under a DDoS attack is to share detailed metrics related to the attack," the blog post noted. "With this information, those of us who are empowered to dismantle these schemes can learn much more about them than would otherwise be possible."

According to the post-mortem report issued by the security companies involved, the malware masqueraded as seemingly legitimate apps, including storage managers, ringtone apps and video players.

Many were downloadable only from third-party app stores, but roughly 300 of the malicious apps were hosted on the Google Play Store. Google has now removed these apps from its store, and is in the process of remotely wiping them from users' devices.
