WireX: Android DDoS Malware infects Thousands of Android Phones in over 100 Countries


Security researchers from different organizations have discovered a DDoS botnet made up of hacked Android devices. The botnet, which the researchers named "WireX", contains thousands of infected Android devices that installed malware-infected apps from the Google Play Store and other third-party app stores.


The security researchers, who came from Google, Cloudflare, Flashpoint, Akamai, RiskIQ and others, said that the WireX botnet had infected thousands of Android devices in the month of August alone and that on the 17th of August the creators of the botnet conducted a huge DDoS attack (HTTP GET and POST requests).

According to BleepingComputer, "Researchers say the attacks were quite powerful and managed to bring down various services. Some attacks came to the attention of law enforcement as the attackers also sent ransom demands to the targeted organisations.

"Data collected by various companies and aggregated for the purpose of identifying the source of these attacks reveals that in mid-August, the botnet was capable of launching DDoS attacks using botnets spread across over 120,000 unique IP addresses."


The researchers say WireX was capable of launching Layer 7 DDoS attacks that exhausted server memory resources, which forced services to go offline.


The collaboration between these researchers from various competing companies helped to bring down the botnet: they used the tools at their disposal to quickly discover all the bots, and then learned how the victims got infected, which led them to track down over 300 apps that contained the WireX malware. Google, for its part, removed the malicious apps from the Play Store and also removed them from all the devices that suffered the infection.

Those who recently suffered a DDoS attack can check their logs for the following pattern of User-Agent strings to verify whether it came from the WireX botnet:

User-Agent: jigpuzbcomkenhvladtwysqfxr
User-Agent: yudjmikcvzoqwsbflghtxpanre
User-Agent: mckvhaflwzbderiysoguxnqtpj
User-Agent: deogjvtynmcxzwfsbahirukqpl
User-Agent: fdmjczoeyarnuqkbgtlivsxhwp
User-Agent: yczfxlrenuqtwmavhojpigkdsb
User-Agent: dnlseufokcgvmajqzpbtrwyxih
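
One way to run this check over a web server access log, as an added example that is not part of the original post. It assumes the Combined Log Format and, judging only from the seven samples listed above, that a matching User-Agent is the 26 lowercase letters each used exactly once; the log lines, IP addresses and function names are constructed for illustration.

```python
import re
import string
from collections import Counter

ALPHABET = frozenset(string.ascii_lowercase)

# Combined Log Format: ip - - [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def is_alphabet_permutation(ua: str) -> bool:
    """True if ua is exactly the 26 lowercase letters, each used once.

    Assumption: this shape is inferred from the sample strings on this page.
    """
    return len(ua) == 26 and set(ua) == ALPHABET

def suspicious_clients(lines):
    """Return a Counter of client IP -> number of requests with a matching User-Agent."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and is_alphabet_permutation(m.group("ua")):
            hits[m.group("ip")] += 1
    return hits

# Constructed sample log lines (documentation IP ranges, made-up paths and times).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Aug/2017:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "jigpuzbcomkenhvladtwysqfxr"',
    '192.0.2.10 - - [17/Aug/2017:10:00:02 +0000] "POST /search HTTP/1.1" 200 128 "-" "yudjmikcvzoqwsbflghtxpanre"',
    '198.51.100.7 - - [17/Aug/2017:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    # 26 lowercase letters but with a repeated letter: not a permutation, so not flagged.
    '203.0.113.5 - - [17/Aug/2017:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "aabcdefghijklmnopqrstuvwxy"',
    '203.0.113.9 - - [17/Aug/2017:10:00:04 +0000] "GET /a HTTP/1.1" 200 64 "-" "mckvhaflwzbderiysoguxnqtpj"',
]

if __name__ == "__main__":
    # Print flagged client IPs with their request counts, busiest first.
    for ip, count in suspicious_clients(SAMPLE_LOG).most_common():
        print(f"{ip}\t{count}")
```

A match on this pattern alone is a lead to correlate with request volume and timing, since the check rests only on the User-Agent header.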
