Alexandra Burlacu email: a.burlacu@mobilenapps.com
Researchers have found a new Trojan app in the Google Play store that can launch Distributed Denial of Service (DDoS) attacks from the infected device.
The malware can also receive commands from criminals, as well as send text messages from the infected device for spamming purposes.
Russian security firm Doctor Web has detected the threat as "Android.DDoS.1.origin," and said it likely spreads via social engineering tricks. According to the firm, the malicious app disguises itself as a legitimate app from Google.
Once the app is installed on an Android device, it creates an icon that resembles the one for Google Play. To further conceal suspicious activity, tapping this icon will even launch Google Play.
Once the app is launched, however, the Trojan immediately tries to make a connection with its Command and Control (C&C) server. If it manages to connect successfully, it sends the victim's phone number to the criminals and then awaits instructions sent by text message.
The malware has two main functions: start a DDoS attack on a specified server (criminals send over the server's address and the port), and send a text message (criminals send over the text message and the number to which it should be sent).
When it receives a DDoS attack command, the malware starts sending data packets to the specified address. While one affected mobile user would not be able to hurt a site singlehandedly, if the malware infects enough Android devices and they all target a Web site at the same time, they could potentially take it down.
Meanwhile, when the malware receives a command to send an SMS, it immediately spams the recipient. The owner of the infected device can incur unexpected charges for accessing the Internet and sending text messages, and the device itself can run at significantly reduced performance.
According to Doctor Web, the Android.DDoS.1.origin code is heavily obfuscated, meaning the criminals behind the malware went to great lengths to hide the app's true function. Considering that the app can be used for attacking Web sites, spamming products, or drawing revenues by sending large amounts of text messages to premium numbers, hiding the app's true function makes sense.
It is also worth noting that there are no signs yet that this threat is spreading rapidly. On the other hand, an Android app used as a DDoS attack tool poses significant risks. Therefore, Android users should be very careful when downloading apps to their devices, and use only legitimate apps from trusted sources on Google Play.
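The combination of traits described above (a Google Play lookalike that can go online and both receive and send text messages) can be checked for when triaging an app's decoded manifest. The following is an added example, not code from Doctor Web or from the article; the mapping of behaviours to permissions, the lookalike word list and the sample package names are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
PLAY_STORE_PACKAGE = "com.android.vending"  # package name of the genuine Play Store
LOOKALIKE_WORDS = ("google play", "play store")
# Assumption: the described behaviours map onto these standard Android permissions.
RISKY_PERMISSIONS = {
    "android.permission.INTERNET",     # C&C contact and packet sending
    "android.permission.RECEIVE_SMS",  # commands arrive by text message
    "android.permission.SEND_SMS",     # outbound SMS spam
}

def triage_manifest(manifest_xml):
    """Summarise one decoded AndroidManifest.xml (text form, e.g. from apktool)."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    label = app.get(ANDROID + "label", "") if app is not None else ""
    requested = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    # A label such as "@string/app_name" must be resolved from resources first.
    unresolved = label.startswith("@")
    imitates = (not unresolved and package != PLAY_STORE_PACKAGE
                and any(w in label.lower() for w in LOOKALIKE_WORDS))
    risky = sorted(RISKY_PERMISSIONS & requested)
    return {
        "package": package,
        "imitates_play": imitates,
        "label_unresolved": unresolved,
        "risky_permissions": risky,
        # Flag only when the lookalike label and all three permissions coincide.
        "flag": imitates and len(risky) == len(RISKY_PERMISSIONS),
    }

def _manifest(package, label, permissions):
    """Build a constructed sample manifest for the demonstration below."""
    perms = "".join(f'<uses-permission android:name="{p}"/>' for p in permissions)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{perms}<application android:label="{label}"/></manifest>')

# Constructed samples: a lookalike, the genuine store package, an ordinary SMS app.
SAMPLES = [
    _manifest("com.example.lookalike", "Google Play", sorted(RISKY_PERMISSIONS)),
    _manifest(PLAY_STORE_PACKAGE, "Google Play Store", ["android.permission.INTERNET"]),
    _manifest("com.example.sms", "Messages", sorted(RISKY_PERMISSIONS)),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage_manifest(sample))
```

Only the first sample is flagged: the SMS app requests the same permissions but does not pose as Google Play, which is why the check requires both signals together.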