Android Based Botnet launches DDoS Attacks


On the 17th of August, a lot of content providers and delivery network companies were attacked by a botnet called WireX. A multitude of Android devices was used to launch the attack against the targeted victims, through malicious applications that run in the background on the devices and are programmed to create DDoS traffic.

The earliest signs of attacks

The first signs of a WireX botnet attack came on the 2nd of August, but they went unnoticed at the time. They were only discovered when researchers began analyzing logs and looked for the 26-character User-Agent string within them. The botnet was most likely in the early stages of its development at that point, given its minimal effects.

Why should we be troubled?

Website owners should be worried because those in control of the botnet now have the capability to take down several large websites: by sending junk traffic to a site and consuming too much bandwidth, they can make the website's pages and services go down. One should be very conscious of website malware attacks and the available protection. Unfortunately, the botnet was used for malicious purposes such as causing bad publicity and disrupting legitimate services.

How it attacks

WireX launches its attacks at the application layer, and the force it can harness depends on the number of Android devices it has already affected.

The majority of the affected applications could easily be downloaded from the Google Play Store; over 300 applications were reportedly discovered carrying the malware that launches the botnet through the apps. The botnet starts a background process on the affected Android device that appears to launch an unseen browser and emulates an endless series of browsing activities that look legitimate, as if a human being were performing them. The traffic generated by the attack nodes consists mainly of HTTP GET requests; however, some variants were capable of issuing POST requests.

Google removed the discovered apps from the Play Store as soon as it received the report of the incidents, and it is currently working on removing the apps from the affected Android devices.

If you have suffered a DDoS attack, you may want to check your logs for the following User-Agent patterns to verify whether it was the WireX botnet:

 

User-Agent: jigpuzbcomkenhvladtwysqfxr

User-Agent: yudjmikcvzoqwsbflghtxpanre

User-Agent: mckvhaflwzbderiysoguxnqtpj

User-Agent: deogjvtynmcxzwfsbahirukqpl

User-Agent: fdmjczoeyarnuqkbgtlivsxhwp

User-Agent: yczfxlrenuqtwmavhojpigkdsb

User-Agent: dnlseufokcgvmajqzpbtrwyxih
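Each User-Agent value listed above is 26 lowercase letters with every letter of the alphabet used exactly once, so a log check can match that shape instead of a fixed list. The Python below is an added example, not part of the original article: the Combined Log Format, the sample lines and the function names are assumptions, and treating every such permutation as WireX-like is generalized from the seven listed strings.

```python
import re
import string
from collections import Counter

# Assumed input: Combined Log Format
# ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
ALPHABET = frozenset(string.ascii_lowercase)


def is_wirex_like_ua(ua: str) -> bool:
    """True if ua is exactly 26 lowercase letters, each letter used once."""
    return len(ua) == 26 and set(ua) == ALPHABET


def scan(lines):
    """Count matching requests per source IP and per HTTP method."""
    by_ip, by_method = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and is_wirex_like_ua(m["ua"]):
            by_ip[m["ip"]] += 1
            by_method[m["method"]] += 1
    return by_ip, by_method


# Constructed sample lines (documentation IP ranges, made-up timestamps).
# The first User-Agent is taken from the list above; the rest are constructed.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "jigpuzbcomkenhvladtwysqfxr"',
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "POST /search HTTP/1.1" 200 87 "-" "zyxwvutsrqponmlkjihgfedcba"',
    # 26 lowercase letters but 'a' repeats and 'z' is missing: not flagged
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "abcdefghijklmnopqrstuvwxya"',
    # Ordinary mobile browser User-Agent: not flagged
    '192.0.2.44 - - [01/Jan/2024:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 901 "-" "Mozilla/5.0 (Linux; Android 7.0) Mobile Safari/537.36"',
]

if __name__ == "__main__":
    ips, methods = scan(SAMPLE_LOG)
    for ip, hits in ips.most_common():
        print(f"{ip}\t{hits} request(s) with a WireX-like User-Agent")
    print("methods:", dict(methods))
```

A legitimate client is unlikely to send such a User-Agent, but confirm flagged sources against request rate and volume before blocking on the header alone.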

What can be done during an attack?

It should not come as a surprise or a shock that even saying yes to something can hurt you. We saw a new sort of voice phishing and its conceivable outcomes. Security professionals should gather data and metrics and then share them. With the information gathered, experts and those who have the means to counter the botnet can learn much more about it.


4 Responses
  1. […] Triada Android Malware has been known to exist on some models of Android phones during the manufacturing stage. Even if you have been careful about what you install and what you download on your personal device, if it already exists on your device it won’t be enough to protect your data. […]

  2. […] SMS malware: This involves the creation and distribution of malware by hackers designed to target a victim’s mobile device; these Trojans are designed to make unauthorized calls or send unauthorized texts without the user’s consent. Incidentally, the most destructive malware threat for Android are those executed online via Mobile Apps like Droid09 – capable of uploading several phone online banking apps, Android. PjappsM – this steals information from infected devices and enrolls the device in a botnet that then launched attacks on website to steal more data and infect more devices and Geinimi – corrupted a number of legitimate Android games on Chinese download sites, and added infected to a mobile botnet. […]
