In an unprecedented move, a half dozen tech companies have teamed up to take down the “WireX” botnet which may have had tens of thousands of compromised Android devices as part of it. Noted security expert Brian Krebs has the details:
News of WireX’s emergence first surfaced August 2, 2017, when a modest collection of hacked Android devices was first spotted conducting some fairly small online attacks. Less than two weeks later, however, the number of infected Android devices enslaved by WireX had ballooned to the tens of thousands.
More worrisome was that those in control of the botnet were now wielding it to take down several large websites in the hospitality industry — pelting the targeted sites with so much junk traffic that the sites were no longer able to accommodate legitimate visitors.
Experts tracking the attacks soon zeroed in on the malware that powers WireX: Approximately 300 different mobile apps scattered across Google‘s Play store that were mimicking seemingly innocuous programs, including video players, ringtones or simple tools such as file managers.
That’s right, apps from the Google Play Store were central to the existence of this botnet. Proving once again that Google has a bit of a problem when it comes to what is available to download and install onto Android devices. But I digress. Several hundred apps that had the code to power this botnet have been removed from the Google Play Store. But this case illustrates the fact that the botnet is now at a whole new level that requires companies who aren’t friendly towards each other to team up to take down these botnets. It will be interesting to see if this sort of co-operation is the new normal, or just a one time event.