Google needs to remove hundreds of malicious apps from people’s phones

They've been used to launch cyber attacks

Aatif Sulleyman
Tuesday 29 August 2017 09:14 EDT
Comments
A 3D printed Android logo is seen in front of a displayed cyber code in this illustration taken March 22, 2016
A 3D printed Android logo is seen in front of a displayed cyber code in this illustration taken March 22, 2016 (Reuters)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Google and security researchers have found hundreds of malicious apps in the Play Store.

The search engine giant has blocked them from Google Play, which means users can’t download them anymore.

However, it says it also need to remove them from any devices they’ve already been installed on.

The apps appear to be completely legitimate, and fall into a broad range of categories, such as media players, ringtones and storage managers, say Akamai, Cloudflare, Flashpoint, Oracle Dyn, RiskIQ and Team Cymru, the security firms that discovered them.

“We identified approximately 300 apps associated with the issue, blocked them from the Play Store, and we’re in the process of removing them from all affected devices,” said Google.

“The researchers' findings, combined with our own analysis, have enabled us to better protect Android users, everywhere.”

According to security blog Krebs On Security, at least 70,000 Android devices could be affected.

The malicious apps were being used to carry out distributed denial of service (DDoS) attacks, where the target is flooded with data from a huge number of sources until it’s overwhelmed and goes down.

The apps were able to launch attacks even when they weren’t being used, or when the phone's screen was locked.

“On August 17th, 2017, multiple Content Delivery Networks (CDNs) and content providers were subject to significant attacks from a botnet dubbed WireX,” said the researchers, who also explained that not all of the malicious apps behaved in the same way.

“The WireX botnet comprises primarily Android devices running malicious applications and is designed to create DDoS traffic.”

They added: "Antivirus scanners currently recognize this malware as the 'Android Clicker' trojan, but this campaign’s purpose has nothing to do with click fraud. It is likely that this malware used to be related to click fraud, but was repurposed for DDoS."

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in