WireX Botnet Enslaves Android Devices


The WireX botnet was recently discovered, comprising primarily Android devices running malicious applications. It’s yet another example of seemingly harmless apps being hijacked and used for large-scale DDoS attacks.

The activities of botnets like WireX are increasingly common: in fact, research from A10 Networks has found that 38% of IT decision-makers say their company endpoints and infrastructure have suffered a botnet attack at least once.

WireX has been largely defanged, with several of the malicious apps that were spreading its malware now removed from Google Play. But it should be a wake-up call to enterprises to make sure their employees are mindful when they download personal apps to the mobile devices they use for work. Botherders don’t just go for PCs.

Many of the identified WireX applications fell into the categories of media/video players, ringtones or tools such as storage managers. They appeared benign to the users who had installed them. The applications also took advantage of features of the Android service architecture that allow apps to use system resources even while in the background, and were thus able to launch attacks when the application was not in use.

“As we saw with the apps that were removed from Google’s Play Store, poorly designed apps with weak security could provide the backdoor for attackers to gain entry into the employee’s corporate network,” A10 said in its report. “But who is ultimately responsible to protect employees who used non-sanctioned apps at work?”

The A10 survey, which queried 2,000 full-time employees and IT decision-makers in 10 countries, found that only two of five (41%) employees claim responsibility for the security and protection of non-business apps they use. To be fair, it’s hard to be mindful if you don’t know what the dangers are: about a quarter (27%) of employees surveyed said they don’t know what a botnet is, and one out of three (37%) weren’t familiar with DDoS attacks. About 12% were not sure whether they had suffered a botnet attack.

This becomes even more disturbing when almost half (48%) of IT leaders agree or strongly agree that their employees don’t care about following security practices, according to the A10 findings.

“It only takes one person being careless to allow bad actors to introduce malware or allow DDoS attacks to happen, which can bring the entire business to a screeching halt,” A10 noted. “This presents a good opportunity for IT to remind employees to use good identity hygiene: Implementing multifactor authentication, using longer pass phrases over passwords, deprecating expired employee accounts and monitoring access logs.”
