Google has been forced to remove almost 300 apps from its Play Store after learning that apps were being hijacked for DDoS attacks, an attack that ESET warned its followers on social media about in early August.
The botnet, named WireX, is estimated to have possibly infected close to 70,000 devices before Google took action.
Once they became aware of the attack Google started the process of removing them, “we identified approximately 300 apps associated with the issue, blocked them from the Play Store, and we’re in the process of removing them from all affected devices”, said a Google spokesperson. “The researchers’ findings, combined with our own analysis, have enabled us to better protect Android users, everywhere”.
ESET detection engineer, Lukas Stefanko, first noticed the vulnerability 20 days before it was removed from the store and published technical details to keep users up-to-date, “we detected this infiltration as Android/HiddenApp and Android/Clickerand, plus we were one of the first to disclose this threat and how to get rid of it”, said Stefanko.
After discovering the issue and the new malicious apps, he immediately reported his findings to the Google Security team and shared the warning with users, “once I discovered this threat we immediately informed users through our social networks to be aware of these malicious apps and with instructions how to uninstall it”, he said.
If you are worried about inadvertently crossing paths with one of these nasty apps, Lukas has some helpful words to guide you in the right direction, “for people that only recently removed one of these infiltrators, or for people that could stumble upon them in the Play store, my advice would be to read comments and app reviews. You should mainly focus on the negative ones, make sure you have installed up-to-date security software and be aware when applications that you’ve installed change name or app icon”.