This graphic shows the rapid growth of the WireX botnet in the first three weeks of August 2017.

News of WireX’s emergence first surfaced August 2, 2017, when a modest collection of hacked Android devices was first spotted conducting some fairly small online attacks. Less than two weeks later, however, the number of infected Android devices enslaved by WireX had ballooned to the tens of thousands.

More worrisome was that those in control of the botnet were now wielding it to take down several large websites in the hospitality industry - pelting the targeted sites with so much junk traffic that the sites were no longer able to accommodate legitimate visitors.

Experts tracking the attacks soon zeroed in on the malware that powers WireX: Approximately 300 different mobile apps scattered across Google’s Play store that were mimicking seemingly innocuous programs, including video players, ringtones or simple tools such as file managers.

“We identified approximately 300 apps associated with the issue, blocked them from the Play Store, and we’re in the process of removing them from all affected devices,” Google said in a written statement. “The researchers’ findings, combined with our own analysis, have enabled us to better protect Android users, everywhere.”

Perhaps to avoid raising suspicion, the tainted Play store applications all performed their basic stated functions. But those apps also bundled a small program that would launch quietly in the background and cause the infected mobile device to surreptitiously connect to an Internet server used by the malware’s creators to control the entire network of hacked devices. From there, the infected mobile device would await commands from the control server regarding which Websites to attack and how.

A sampling of the apps from Google’s Play store that were tainted with the WireX malware.

Experts involved in the takedown say it’s not clear exactly how many Android devices may have been infected with WireX, in part because only a fraction of the overall infected systems were able to attack a target at any given time. Devices that were powered off would not attack, but those that were turned on with the device’s screen locked could still carry on attacks in the background, they found.

“I know in the cases where we pulled data out of our platform for the people being targeted we saw 130,000 to 160,000 (unique Internet addresses) involved in the attack,” said Chad Seaman, a senior engineer at Akamai, a company that specializes in helping firms weather large DDoS attacks (Akamai protected KrebsOnSecurity from hundreds of attacks prior to the large Mirai assault last year).

The identical press release that Akamai and other firms involved in the WireX takedown agreed to publish says the botnet infected a minimum of 70,000 Android systems, but Seaman says that figure is conservative.

“Seventy thousand was a safe bet because this botnet makes it so that if you’re driving down the highway and your phone is busy attacking some website, there’s a chance your device could show up in the attack logs with three or four or even five different Internet addresses,” Seaman said in an interview with KrebsOnSecurity. “We saw attacks coming from infected devices in over 100 countries. It was coming from everywhere.”

BUILDING ON MIRAI