In January this year, a DDoS attack targeted the security firm ESET’s global website. This attack was conducted using approximately 4,000 unique IP addresses and lasted for 7 hours. However, after detecting the malicious Android app, ESET researchers put a stop to it.
- The app also has a corresponding website that promotes itself as a source of daily news updates. However, the website has not been taken down since it is not malicious.
The wider view
- The app reached over 50,000 installs before Google, once informed of its malicious nature, promptly removed it from the Play Store.
- The app has nothing to do with system updates and its name on unofficial app stores is misleading.
- The main functionality of the app is to receive commands from a pre-defined command-and-control (C&C) server.
What the experts are saying
- The same tactic is employed by several legitimate Android software development frameworks and kits.
- The attackers are suspected of waiting for the user base to expand before implementing the malicious functionality.
- Out of the 50,000 installs, only 10% were involved in the attack.
- This app is present in other unofficial app stores and has been displaying daily news to the users.
- The app was first uploaded to the Google Play Store in early September 2019.
This method of DDoS attack relies on the number of infected devices available to malicious actors.