Tech Firms Team Up To Take Down 'WireX' Android DDoS Botnet (krebsonsecurity.com)
An anonymous reader quotes a report from Krebs On Security: A half dozen technology and security companies -- some of them competitors -- issued the exact same press release today. This unusual level of cross-industry collaboration caps a successful effort to dismantle "WireX," an extraordinary new crime machine comprising tens of thousands of hacked Android mobile devices that was used this month to launch a series of massive cyber attacks. Experts involved in the takedown warn that WireX marks the emergence of a new class of attack tools that are more challenging to defend against and thus require broader industry cooperation to defeat. News of WireX's emergence first surfaced August 2, 2017, when a modest collection of hacked Android devices was first spotted conducting some fairly small online attacks. Less than two weeks later, however, the number of infected Android devices enslaved by WireX had ballooned to the tens of thousands. Experts tracking the attacks soon zeroed in on the malware that powers WireX: Approximately 300 different mobile apps scattered across Google's Play store that were mimicking seemingly innocuous programs, including video players, ringtones or simple tools such as file managers.
Experts involved in the takedown say it's not clear exactly how many Android devices may have been infected with WireX, in part because only a fraction of the overall infected systems were able to attack a target at any given time. Devices that were powered off would not attack, but those that were turned on with the device's screen locked could still carry on attacks in the background, they found. The identical press release that Akamai and other firms involved in the WireX takedown agreed to publish says the botnet infected a minimum of 70,000 Android systems, but Seaman says that figure is conservative.
Re: (Score:3)
When apps are compromised, Google (and Apple) pull them from the app store and revoke them from user devices. The names don't matter because they're long gone by now.
Per the original article, most of the apps were compromised because a framework that they used was backdoored. This means that it was not malicious intent by the developers, so there is no point in starting a witch hunt against them directly. Hopefully, Google and the affected developers will respond intelligently to this threat vector.
And once
Re:Fuck the Tech Industry (Score:4, Funny)
Fuck what this AC just said.
Give us our Turbo-Pascal Income.
Re: (Score:2)
Fuck what this AC just said.
Give us our Turbo-Pascal Income.
Oh, choice, I’d plus you up, if I had any to give.
No MAGA, Impeach (Score:2, Funny)
Trump lied! America isn't great again!
Nothing NEW to See Here (Score:2)
Re: (Score:1)
To be fair, this doesn't seem to be an Android exploit as much as malware hidden in the Igexin library. Malware which probably looks to the system like an app just sending out lots of data -- nothing that compromises the device itself (except maybe some battery life). It's something better suited for an antivirus app to find*.
It seems unfair to me to act as though it's the OS itself with the issue. I'd say Android actually has a lot of good security hardening measures in it as of 7.0: https://source.andr
Android Treble may finally help... (Score:2)
Android Treble [googleblog.com] may finally help with this disaster - but for now, those of you that can, should try LineageOS.