Ad-fraud and DDoS attack

Though installing from official app stores like Google Playstore is recommended, threat actors will somehow manage to sneak in their malicious apps into it. And users installing will be facing consequences like data theft, ad fraud, or being served in IoT botnets. Here’s one such network created by an attacker, who, under his malicious app as Updates for Android, created a botnet to attack a cybersecurity website! ESET researcher, Lukas Stefanko described an incident regarding a DDoS attack happened on their website, back in January. This was performed by an unknown operator, who started with an app from Google Playstore. The app, Updates for Android has over 50,000 downloads from Playstore but has malware in it for two weeks before attacking the website, eset.com. After being installed, it did serve news to look legitimate but also indulged in ad fraud. Besides displaying in-app ads, it’s also displaying ads from the device’s default browser, without any permissions. Further, two weeks before launching the DDoS attack on eset.com, it started gathering devices by infecting and adding to its botnet.

Attaining the purpose

The app’s JavaScript was constantly contacting the operator’s remote server for every 150 minutes and taking commands. And one fine day in January, it attacked eset.com site with over 4,000 inauthentic devices, taking the site down. The takedown lasted for seven hours, before bringing up the site again. ESET researchers have tracked back the operator’s C2 server and tried to know the attacker. In this pursuit, they found many other scripts that are supposed for attacking e-commerce and news websites, mostly based in Turkey. The researchers have informed Google about this, and the app was taken down. Yet, it’s still available in third-party app stores. Via: ZDNet

Malicious App in Google Playstore Used For DDoS Attack on ESET Website - 34Malicious App in Google Playstore Used For DDoS Attack on ESET Website - 31Malicious App in Google Playstore Used For DDoS Attack on ESET Website - 19