Use #itsaexpo #itsa365

25 - 27 October 2022 // Nuremberg, Germany

it-sa Newsroom

Smartphone botnet discovered

For the first time this year, more people in Germany own a smartphone than a PC, according to a recent survey. This is why cybercriminals are increasingly targeting mobile devices. And the race against cybercrime will continue as Apple just introduced its new iPhone. In other sectors like smart home automation, smartphones also play a key role, as they are increasingly being used as a control centre for other devices.

For the first time now, security specialists have discovered a botnet that consists exclusively of smartphones. It is designed for DDoS attacks in which the compromised devices launch floods of data packets at their targets.

The botnet, dubbed WireX, consists of well over 100,000 Android devices distributed over more than 100 countries. The first attacks were noted as early as the beginning of August. They escalated suddenly in mid-August, which is when they grabbed the attention of security experts. Numerous website operators are said to have received ransom notes ahead of the attacks that demanded payments to avoid the ambush.

It took the combined efforts of various security companies and network service providers to shed light on the botnet. In the end the malware was found in more than 300 apps in Google's Play Store, including on video player or tools for memory management. Normally, users don't notice the malware, because following installation it waits for instructions from master computers known as "command and control servers". However, the apps that were discovered were mostly removed immediately by Google from the Play Store.

Because the attackers kept managing to sneak contaminated apps into the Google Play Store, Google launched the "Play Protect" project in the spring as a tool for checking apps and filtering out malware. It also allows apps already installed to be deleted from the devices if they contain malware. However, Play Protect is only available for newer versions of android and users can disable this function in the Play Store.


You will also find news about all aspects of it-sa and the IT security environment in the it-sa Security Newsletter.

To register for the newsletter