But nefarious types pulled off a similar trick by spreading 300 malicious apps across the Google Play app store. Ars Technica reports that, once installed, those apps commandeered the device on which they sat to send huge quantities of spoof traffic to websites, ultimately forcing some services offline. According to security researchers at Cloudflare, who helped an industrywide effort to understand the botnet that’s now called WireX, the hackers were at one point able to control over 120,000 IP addresses in 100 countries.
The botnet, which the researchers call "one of the first, and certainly one of the biggest, Android-based DDoS botnets," has been disabled, and the offending apps removed from the Play Store. But the news does highlight how any large collection of Internet-connected devices can be used as a botnet if hackers have the wherewithal to make it happen.