Beware the Botnet of Apps

The proliferation of smart devices being corralled to take down the Web now has some competition, in the shape of swarms of malicious apps installed on thousands of smartphones.

Over the past year, the humble botnet—a collection of devices hacked to work with one another to send debilitating surges of data known as DDoS attacks to servers—underwent a renaissance. The huge number of insecure devices, such as video cameras and printers, that now connect to the Internet provides a hacker’s paradise, and they’ve been increasingly commandeered to take down websites and services. We even made Botnets of Things one of our 10 breakthrough technologies of 2017.

But nefarious types pulled off a similar trick by spreading 300 malicious apps across the Google Play app store. Ars Technica reports that, once installed, those apps commandeered the device on which they sat to send huge quantities of spoof traffic to websites, ultimately forcing some services offline. According to security researchers at Cloudflare, who helped an industrywide effort to understand the botnet that’s now called WireX, the hackers were at one point able to control over 120,000 IP addresses in 100 countries.

The botnet, which the researchers call "one of the first, and certainly one of the biggest, Android-based DDoS botnets," has been disabled, and the offending apps removed from the Play Store. But the news does highlight how any large collection of Internet-connected devices can be used as a botnet if hackers have the wherewithal to make it happen.