WireX Turns Android Phones into DDoS Botnet

WireX is a new botnet that runs on hijacked and compromised Android phones.  A bot-net is a collection of compromised devices that can be coordinated by the hijacker to work together on a certain task.  It might be bit-coin mining, or password cracking, or other tasks that require a lot of processing power.  This bot-net, like last year’s Mirai and Bashlight bot-nets, is especially interesting because it is not using computers, but other Internet connected devices.

Wirex-infected phones had been directing nuisance traffic to certain websites, and was recently taken off-line by a consortium  of Internet companies.  WireX had infected 140,000 Android phones in 100 countries, and was delivered by one of 300 exploit laden apps that had made it past the security review process at the Google Play Store.

This is on top of another recent incident involving the Play Store.  Google recently banished 500 applications after an outside security company discovered compromised advertising code being used to install spyware on Android phones.

What is the take away from these examples?  We have been recommending that smartphone users only download apps from official store sites such as the Apple Store or Play Store.  Obviously, this is no guarantee of safety, so we would amend that advice to downloading only apps you really plan to use, and removing apps that you no longer use.  Also – Android or Apple – use a smartphone anti-malware app.  These apps do a pretty good job of catching these exploits and stopping them.  I usually pick an app from the same company that I use for my computer security to keep it simple.  Some good options include:

  • Sophos Free Antivirus and Security.
  • Avast Antivirus & Security.
  • AVL.
  • Avira Antivirus Security.
  • Trend Micro Mobile Security & Antivirus.

More information:


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.