300 apps in Google Play store were infected with a virus that allowed its creators to connect around 70 000 Android mobile devices into the network that was used to make a DDoS attack on various websites.
Forecast, made before 2017 by various cybersecurity companies and researchers, remains true today: smartphones and smart devices are the most vulnerable against cybercrime.
A quick reminder what DDoS attack is:
What happened with this Android DDoS attack?
Even though 300 apps that were involved in attacks, were legit, they had “additional” background functionality, that allowed the possibility to DDoS specific sites. Meaning, that the malicious code was added without the knowledge of app creators.
Though a number of devices might seem huge, WireX botnet was noticed and neutralized before it could do really huge damage.
One thing that experts, involved in shutting down the attack, are worried about, is the completely new attack model that is not easily controlled.
What does it mean?
And though the problem was neutralized and removed from Play store and infected devices, one of the biggest questions that still remain: how to protect yourself against it? The answer is not exactly positive.
“Using IoT devices as a source for DDoS attacks is getting really common lately and we definitely will see more advanced development in this area which will reveal new, innovative attack vectors with stealthy malware hiding in poorly secured IoT devices.” – our CISO Kęstas Malakauskas noted.
This latest attack just represents that there is no bulletproof protection and security. It is not possible to ensure that we get the legitimate software and apps even from such trusted and widely known platforms as Google Play.
“Though defense line should be built by service providers against whom the attack is directed, there is almost no protection mechanism for the mobile device user. Especially, when the hackers use such sophisticated methods of attacks.“ – added our SecOps Leonardas Marozas.
Is there anything you can do?
No one will be able to ensure and deliver secure design into all IoT ecosystem yet. Only a couple of things can be done to lower the risks:
- Download Apps and software from known legitimate portals and providers. However, as we see this won’t ensure that you won’t be lured into downloading compromised App with embedded additional malicious functionality.
- Ensure you update all your software as soon as updates are made available by vendors. If your smartphone is attacked, most you can do is to keep an eye out and update your operating system as soon as the problem is fixed.
- Use anti-malware/safe browsing solutions on all of your smart devices. Remember that most of the time, only computers are protected against various types of malware.
Have your own advice? Share it in the comments on our Facebook!
If you own smart home devices that need protection, read more about CUJO. More than 600 CUJO owners are giving us an average of 4.5 stars for great protection, fast service and excellent customer support. If you own CUJO already, let us know what you think!