Tech Firms Team Up To Take Down 'WireX' Android DDoS Botnet (krebsonsecurity.com)
An anonymous reader quotes a report from Krebs On Security: A half dozen technology and security companies -- some of them competitors -- issued the exact same press release today. This unusual level of cross-industry collaboration caps a successful effort to dismantle "WireX," an extraordinary new crime machine comprising tens of thousands of hacked Android mobile devices that was used this month to launch a series of massive cyber attacks. Experts involved in the takedown warn that WireX marks the emergence of a new class of attack tools that are more challenging to defend against and thus require broader industry cooperation to defeat. News of WireX's emergence first surfaced August 2, 2017, when a modest collection of hacked Android devices was first spotted conducting some fairly small online attacks. Less than two weeks later, however, the number of infected Android devices enslaved by WireX had ballooned to the tens of thousands. Experts tracking the attacks soon zeroed in on the malware that powers WireX: Approximately 300 different mobile apps scattered across Google's Play store that were mimicking seemingly innocuous programs, including video players, ringtones or simple tools such as file managers.
Experts involved in the takedown say it's not clear exactly how many Android devices may have been infected with WireX, in part because only a fraction of the overall infected systems were able to attack a target at any given time. Devices that were powered off would not attack, but those that were turned on with the device's screen locked could still carry on attacks in the background, they found. The identical press release that Akamai and other firms involved in the WireX takedown agreed to publish says the botnet infected a minimum of 70,000 Android systems, but Seaman says that figure is conservative.
Name the fucking apps or GTFO!
Death to Billionaires
Give us our Basic Income
The question everyone is asking. #Mueller is hunting.
I still don't see why they don't release the names of the compromised apps. I now trust the app store less. Guess I should have never trusted it in the first place.
Trump lied! America isn't great again!
Can't wake up!
You know, that Android advantage of unrestricted background execution... Yeah, yeah, they fixed it in Oreo, which is on all of 600 devices at this point.
Another day, another Android security mess. Oh, and look, it comes straight from the Google Play store, again.
1. Google identified approximately 300 apps associated with the issue, but they have NOT made that list available to users.
2. Not only has Google blocked these apps from the Play Store, but they’re in the process of removing them from all affected devices with NO user notification. This is despite the fact that they have the email address of the user.
3. They clearly want to be seen as a savior, but in fact, they have caused the problem by failing to exercise control over the companies that use Android and the Android name.
4. These idiots are worse than Microsoft ever was. There is no attempt at a solution here - just a stopgap action. No matter what you think of Apple, they would never let this kind of nightmare go unchecked.
Android Treble may finally help with this disaster - but for now, those of you that can, should try LineageOS.
That isn't even a minor botnet. That's a half-arsed hobby project. And this requires an unprecedented press release? Methinks a minor threat is being leveraged for some wider purpose.
See subject & these domains to block out in hosts files:
0.0.0.0 u.axclick.store
0.0.0.0 g.axclick.store
0.0.0.0 p.axclick.store
0.0.0.0 axclick.store
0.0.0.0 com.luckybooster.app
0.0.0.0 luckybooster.app
* Per https://blog.cloudflare.com/the-wirex-botnet/
APK
P.S.=> Of course, nothing builds a custom hosts file for more speed, security, reliability & anonymity online better than APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ ... apk
Before WhatsApp was devoured by a giant tech firm, it was also accessing your address book. I uninstalled it after reading the Privacy Policy. Don't know about its current tactic now though.
See subject: You need a rooted phone & Android Debugging Bridge's PULL command to import & overwrite the existing one.
* Plus, what happens to you IF you need to hookup with a router that does NOT have the blocking list? You're "SOL" depending on routers - I'm not using hosts.
(It's ALWAYS there locally on the device itself & it's a standard part of any BSD based IP stack (most if not ALL currently are)).
APK
P.S.=> Those ARE the facts... apk