Should you discover on your Android device this morning that your favorite 3rd-party video player, ringtone app or storage manager has vanished, it’s okay; it was for your own good. This morning, Google removed a whopping 300 apps from the Play Store that allow the hijacking of your phone as part of a botnet’s distributed denial of service (DDoS) attacks, while pretending to be legitimate programs. The botnet in question is called WireX, which was behind the DDoS attacks of many online content providers and delivery networks between August 2nd and 14th, while sometimes acting as ransomware (with the intention of demanding money from those inflicted).
Akamai, a content delivery network, was the entity that discovered the botnet’s existence after one of their clients was attacked. Akamai later got in touch with Google and other security researchers — including from rival companies — such as Cloudflare, Oracle + Dyn, Flashpoint, Team Cymru, RiskIQ and other organizations to find a solution. Based on the research, WireX compromised over 70,000 devices from over 100 countries. Once Google discovered the existence of hundreds of fake apps masquerading as common apps (i.e., Device Analysis, Tube Player, Lucky Booster, etc.) containing the WireX exploit the Mountain View-based company blocked all of them while working on removing them from affected devices.