Security researchers from various security companies have discovered a new botnet that contains thousands of hacked Android devices. The botnet is called WireX, identified as “Click Fraud” the botnet network fundamentally contains infected Android devices running one of the hundreds of malicious apps installed from Google Play Store and is intended to conduct huge DDoS attacks.
WireX botnet had already infected thousands of Android devices earlier this month, and on 17th August, security researchers detected a huge DDoS attack (HTTP GET requests) originated from infected mobile devices around the world.
Chad Seaman, a senior engineer at Akamai said:
“I know in the cases where we pulled data out of our platform for the people being targeted we saw 130,000 to 160,000 (unique Internet addresses) involved in the attack”
If you suffered a DDoS attack, check for the following pattern of User-Agent series to verify if it was WireX botnet:
User-Agent: jigpuzbcomkenhvladtwysqfxr
User-Agent: yudjmikcvzoqwsbflghtxpanre
User-Agent: mckvhaflwzbderiysoguxnqtpj
User-Agent: deogjvtynmcxzwfsbahirukqpl
User-Agent: fdmjczoeyarnuqkbgtlivsxhwp
User-Agent: yczfxlrenuqtwmavhojpigkdsb
User-Agent: dnlseufokcgvmajqzpbtrwyxih
“The best thing that organizations can do when under a DDoS attack is to share detailed metrics related to the attack. With this information, those of us who are empowered to dismantle these schemes can learn much more about them than would otherwise be possible.”