Android.DDoS.1.origin, as it’s called, is Russian and disguises itself as the Google Play icon once downloaded. When opened, the app takes its victims to the actual Google Play store so as to distract the user. In the background, however, it searches for its command and control server — and if a connection is made, the app sends the infected phone’s number to the criminals. These hackers then administer commands to the app via text messages.
Commands include launching a DDoS attack or sending other text messages. Doctor Web suggests that the text message function could be used to spam others in the phone’s contact list, prompting them to either download the app or something else the hackers are pushing.
Nowadays when we think of DDoS attacks, we are often reminded of Anonymous, the hacker collective that launches a number of these attacks in the name of political protest. We’ve seen DDoS attacks take down a number of important websites, including those of the CIA, financial institutions, and others. These attacks send large amounts of traffic toward a certain website’s servers in an attempt to overload the system and shut it down.
With this app, however, hackers with DDoS intentions are roping in innocent bystanders to do the dirty work. This isn’t the first time we’ve seen a campaign like this. In the case of the CIA website’s takedown, Anonymous was accused of distributing links on Twitter to Low Orbit Ion Cannons (LOIC). These “cannons” send thousands of packets of information per second to a targeted server. When the Twitter links were clicked, unsuspecting visitors would suddenly be roped into the attack.
Doctor Web goes on to say that the app can cause the phone to perform poorly, and can actually run up the owner’s bill by texting premium numbers.
Blowfish12@2012 blowfish12.tk Author: Sudharsun. P. R.