WireX DDoS Botnet: An Army of Thousands of Hacked Android SmartPhones

Do you believe that just because you have downloaded an app from the official app store, you’re safe from malware?

Think twice before believing it.

A team of security researchers from several security firms has uncovered a new, widespread botnet that consists of tens of thousands of hacked Android smartphones.

Dubbed WireX and detected as “Android Clicker,” the botnet primarily consists of infected Android devices running one of the hundreds of malicious apps installed from the Google Play Store, and it is designed to conduct massive application-layer DDoS attacks.

Researchers from different Internet technology and security companies—including Akamai, CloudFlare, Flashpoint, Google, Oracle Dyn, RiskIQ, and Team Cymru—spotted a series of cyber attacks earlier this month, and they collaborated to combat them.

Although Android malware campaigns are quite common these days and this newly discovered campaign is also not that sophisticated, I am quite impressed with the way multiple security firms—half of which are competitors—came together and shared information to take down a botnet.

The WireX botnet was used to launch minor DDoS attacks earlier this month, but after mid-August, the attacks began to escalate.

The “WireX” botnet had already infected over 120,000 Android smartphones at its peak earlier this month, and on 17th August, researchers noticed a massive DDoS attack (primarily HTTP GET requests) originating from more than 70,000 infected mobile devices in over 100 countries.

If your website has been DDoSed, look for the following pattern of User-Agent strings to check whether it was the WireX botnet:

Read more…

Source: The Hacker News