They looked like storage managers, video players, and ringtones, among other things. If you downloaded them from the Google Play store, they would indeed do whatever they were supposed to. But in the background, they would also take over your Android device, making it part of a giant botnet designed to launch distributed denial-of-service attacks and demand ransoms from its unwitting victims–while it appeared to continue functioning normally from your point of view.
We don’t know when the malware-ridden apps first appeared in the Play Store, but they captured a lot of attention on August 17 when the botnet, which researchers named WireX, launched a distributed denial-of-service (DDoS) attack against a hospitality company. In a denial-of-service attack, a site is overwhelmed with traffic from many different IP addresses. In this case, security researchers from several different companies worked together to trace the attack. They found it was coming from more than 100 countries, highly unusual for a botnet. Then they discovered the malicious software string was associated with apps downloaded to Android devices and alerted Google to their findings. They estimate that 70,000 Android devices may be affected.
Google responded quickly and says it has now removed the malicious apps from the Play Store and is in the process removing them from affected devices. But the fact that this has happened once means it can happen again. Some security experts say that now that this set of hackers has shown it’s possible to create a botnet by distributing apps on an app store, others are likely to try it as well.
What should you do? When downloading apps from any app store, carefully consider the source before you click “install.” Does it look legitimate? Has the same developer published other apps? How long has the app been there?
Pay special attention to the app’s reviews. First of all, how many reviews are there? Lots of developers pay reviewers to make their apps look good, so the fact that there are a dozen or so reviews doesn’t mean anything. Ideally you’re looking for hundreds of mostly positive reviews.
Also, you wouldn’t leave your desktop or laptop computer unprotected with no security software, so don’t do that with your smartphone or tablet either. Download and install a reputable security application and keep it updated.
Finally, keep an eye out for inexplicably slow performance or short battery life on your device. Either of these things could indicate that someone besides yourself is using it–and they’re probably up to no good.