WireX Botnet Infects 140,000 Android Devices

This week, the Alert Logic team highlights how over 700 million email addresses were exposed and how the WireX botnet infected 140,000 Android devices. Read the full report to learn more and get access to the week’s top malicious IP addresses.

Malware

WireX Botnet Infects 140,000 Android Devices

Hackers compromised 300 apps in the Google Play Store to launch a DDoS (Distributed Denial of Service) attack on widely used CDNs (Content Delivery Networks), causing headaches and disrupting the business of multiple organizations.

The attackers hid their malicious payload within legitimately functioning apps such as media players, ringtones and storage managers. The DDoS attacks occurred while the smartphone was turned on but not in use, making the malicious activity difficult for the victim to notice.
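From the defender's side, a botnet of infected handsets looks like many clients each sending far more requests per second than a person browsing would. The following is an added example for this summary, not Alert Logic's code or the WireX researchers' tooling: it parses Common Log Format access-log lines and flags any client whose request count in a single time window reaches a threshold. The log lines, window size and threshold are constructed for illustration and would need tuning to a site's normal traffic.

```python
"""Rate-based detection of request bursts in web server access logs.

Added example for this summary; it is not Alert Logic's code nor the WireX
researchers' tooling. The log lines, window size and threshold below are all
constructed for illustration, and a real deployment would tune them to the
site's normal traffic."""
import re
from collections import Counter
from datetime import datetime

# Common Log Format: client IP, identity, user, [timestamp], "request", status, bytes
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')


def parse_line(line):
    """Return (client_ip, timestamp) for a CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts


def flag_bursty_sources(lines, window_seconds=10, threshold=20):
    """Count requests per (client, time window) and return {ip: peak_count}
    for every client whose count in any single window reaches the threshold."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # unparseable lines are skipped rather than aborting the run
        ip, ts = parsed
        bucket = int(ts.timestamp()) // window_seconds
        counts[(ip, bucket)] += 1
    flagged = {}
    for (ip, _bucket), n in counts.items():
        if n >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), n)
    return flagged


def _line(ip, second, path="/"):
    """Build one constructed CLF line at 10:00:<second> UTC on 28 Aug 2017."""
    return (f'{ip} - - [28/Aug/2017:10:00:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512')


# Constructed sample: two clients hammer the server inside one 10-second window
# (the pattern a pool of infected handsets produces), one browses normally,
# and one line is garbage that must not break the parser.
SAMPLE_LOG = (
    [_line("203.0.113.10", s % 10, "/index.html") for s in range(25)]
    + [_line("198.51.100.7", s, "/about") for s in (1, 4, 8)]
    + [_line("203.0.113.11", s % 10) for s in range(40)]
    + ["this line is not in Common Log Format"]
)

if __name__ == "__main__":
    for ip, peak in sorted(flag_bursty_sources(SAMPLE_LOG).items()):
        print(f"{ip}: {peak} requests in a single 10s window")
```

Run stand-alone, the script reports the two bursting clients and stays silent about the normal one. A per-client threshold is deliberately simple; it catches a handful of noisy sources but not a botnet that spreads its load thinly across 140,000 devices, which is why the anomaly detection mentioned below also has to look at aggregate request volume and request shape rather than at single clients alone.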

References: WireX Botnet Offers Glimpse of Android DDoS Threat | The WireX Botnet: An Example of Cross-Organizational Cooperation | Google Yanks 300 Apps from Play Store Used by the WireX Botnet

Mitigation Strategies:

  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • Log management could detect suspicious user account activity and collect system logs of USB activity.
  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies.
  • Android OS security software – like anti-virus and anti-malware software on desktops, Android-based security tools should detect this threat.

Data Breach

Over 700 Million Email Addresses Exposed

Spam operators inadvertently left directory browsing open and exposed more than 700 million email addresses, along with some usernames and passwords. Researchers believe this could be the largest number of email addresses exposed in a single breach.
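An open directory listing is easy to check for from the outside, so it belongs in a routine exposure scan of your own web hosts. The following is an added example for this summary, not code from Alert Logic or from the researchers who found the dump: it recognises the default listing pages of common web servers by their markup and wraps that in a small URL check. The marker patterns, the sample HTML and the local demo server are constructed for illustration.

```python
"""Detect an exposed directory listing from the HTML a web server returns.

Added example for this summary, not code from Alert Logic or from the
researchers who found the spambot dump. The marker patterns cover the default
listing pages of common servers; the sample HTML and the local demo server are
constructed for illustration."""
import re
import urllib.error
import urllib.request

# Title or markup that the default autoindex pages of common servers emit.
LISTING_MARKERS = (
    re.compile(r"<title>\s*Index of /", re.I),             # Apache mod_autoindex, nginx autoindex
    re.compile(r"<title>\s*Directory listing for", re.I),  # Python http.server
    re.compile(r"\[To Parent Directory\]", re.I),          # IIS directory browsing
)


def looks_like_directory_listing(html):
    """True if the page body matches a known default directory-listing template."""
    return any(p.search(html) for p in LISTING_MARKERS)


def check_url(url, timeout=5):
    """Fetch url and report whether it serves a directory listing.
    Returns (status_code, is_listing); a non-2xx response is never a listing."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", errors="replace")
            return resp.status, looks_like_directory_listing(body)
    except urllib.error.HTTPError as err:
        return err.code, False


if __name__ == "__main__":
    # Demo against a throwaway local server: Python's http.server lists a
    # directory by default, exactly the misconfiguration described above.
    import http.server
    import os
    import tempfile
    import threading
    from functools import partial

    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "contacts.csv"), "w") as fh:
            fh.write("user@example.com\n")  # constructed stand-in for a dump file
        handler = partial(http.server.SimpleHTTPRequestHandler, directory=tmp)
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        port = server.server_address[1]
        print("root:", check_url(f"http://127.0.0.1:{port}/"))             # listing
        print("file:", check_url(f"http://127.0.0.1:{port}/contacts.csv"))  # not a listing
        server.shutdown()
        server.server_close()
```

Run stand-alone, the demo serves a temporary directory on localhost and shows the root URL being flagged while a direct file URL is not. The fix on the server side is to turn listing off (`Options -Indexes` in Apache, `autoindex off;` in nginx) and, more importantly, to keep data like this off a web-reachable path in the first place.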

Enticing potential victims to click a malicious link in an email is still the most successful way for hackers to initiate an attack. Known malicious software delivered via spambots may infect computers, collect credentials and lead to other accounts being compromised.

References: 700 Million-Plus Email Addresses Leaked by Spam Operation | Inside the Massive 711 Million Record Onliner Spambot Dump | If Your Email Address Is On This List, Change Your Password Right Now

Mitigation Strategies:

  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • Log management could detect suspicious user account activity and collect system logs of USB activity.
  • FIM solution would detect any type of file modification or addition.
  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies.
  • Secure your local browser.

This Week's Suspicious IP Addresses

  • 96.86.39.17
  • 85.214.18.0/24
  • 199.244.78.74
  • 67.231.25.10
  • 104.31.69.18
  • 62.210.178.242

*IP addresses provided by Recorded Future.