Google Launches Play Protect then distributes malware infected apps

Jason Yeaman

Published in

Mobile⌘Tech News

4 min readSep 2, 2017

Hundreds of Google PlayStore apps infected with malware.

According to Krebs, an Android powered botnet conducted DDOS against hospitality industry websites. Glossed -“WireX”-, the attack is conducted by malware infected Android mobile devices.

Turned into zombies and used for coordinated remote attacks against public web servers — billions and billions (not really…it was 100K or so) of Android devices sent an overwhelming amount of Google-powered packet-data to these poor, unsuspecting servers…until they could function no-more:

“News of WireX’s emergence first surfaced August 2, 2017, when a modest collection of hacked Android devices was first spotted conducting some fairly small online attacks. Less than two weeks later, however, the number of infected Android devices enslaved by WireX had ballooned to the tens of thousands.”
“More worrisome was that those in control of the botnet were now wielding it to take down several large websites in the hospitality industry — pelting the targeted sites with so much junk traffic that the sites were no longer able to accommodate legitimate visitors.”

What that looks like:

Why you should care:

Because security matters. And while you may be rolling your eyes at the Goog because of their seemingly frequent shortcomings when it comes to Android security, you should understand that bad-guy ROI has a lot to do with it. Android is targeted because the pool of prospective suckers — or rather — zombies, is far greater.

That means the efficacy : deployment ratio is much more lucrative.

But that doesn’t mean Mountain View isn’t trying.

Last week, Google launched a PR campaign that spotlights the security of the Google PlayStore and the apps that are distributed from it. This effort came equipped with multimedia videos, web sites in multiple languages, super sparkly graphics and words of affirmation all but guaranteeing you a worry-free Android-based mobile computing experience that is security-centric:

Response from The Goog

“We identified approximately 300 apps associated with the issue, blocked them from the Play Store, and we’re in the process of removing them from all affected devices, The researchers’ findings, combined with our own analysis, have enabled us to better protect Android users, everywhere.”

Sneaky Factor: 10

The lengths to which the architect of the malware went to ensure the highest number of applications were approved by Google we’re unprecedented: The applications actually did what they said they did in the app approval submission statement.

Perhaps to avoid raising suspicion, the tainted Play store applications all performed their basic stated functions. But those apps also bundled a small program that would launch quietly in the background and cause the infected mobile device to surreptitiously connect to an Internet server used by the malware’s creators to control the entire network of hacked devices. From there, the infected mobile device would await commands from the control server regarding which Websites to attack and how.

A safe and secure mobile experience is an expectation that every user of mobile technology should consider when adopting their platform of choice. Unfortunately, not every user understands the pitfalls or consequences of installing and using malicious applications. In the past, Android users were lured into installing an .apk that was described as a free version of the legitimate paid application that officially resides on the PlayStore, but is hosted somewhere else. To address that issue, Google placed a toggle in settings that required the user to cognitively switch before the operating system would allow the installation of applications from untrusted or non-vetted developers. By doing this, Google gently guided Android Users away from app repositories they had no control over and slightly hardened the security posture of Android.

To reinforce the perception of app security measures deployed by Mountain View in the PlayStore, Google lures Android users to the official point of distribution using security as the narrative that would combat the lucre of “free” applications from a nefarious repository:

All Android apps undergo rigorous security testing before appearing in the Google Play Store. We vet every app developer in Google Play and suspend those who violate our policies. So even before you download an app, you know it’s been checked and approved. Then, Play Protect scans billions of apps daily to make sure everything remains spot on.

Despite the reassurance from Google on the safety and security of PlayStore distributed applications, we have Android Users who are completely oblivious to the fact that their mobile device and the devices of thousands of other Android users who don’t know each other, are being used by someone they have never met to attack a server that belongs to a business they have never patronized…and they don’t even know they are doing it.

Originally published at imthemobile.guru.