ESET expert Lucas Stefanko told in the company’s blog about the malicious application Updates for Android, which launched a DDoS attack on the ESET website.Initially, the application promised to provide users with an updated news feed from i-Updater[.]Com. The site still works, as it is not malicious itself.
The application arrived on Google Play in September 2019, was installed more than 50,000 times and had good reviews (average score 4.3), but secretly from users it was used to conduct DDoS attacks, for which were used about 10% of users devices.
The researcher also notes that the name of the product has already misled people.
“Immediately after downloading and installing Updates for Android, it did not have any malicious functionality, which helped it bypass the protection of the official application directory. Malicious features appeared after only one update”, – says Lucas Stefanko.
Overall, DDoS attacks began with the hacked device receiving a command to load a script that pointed to the target domain. After that, the infected device sent requests to the target domain until the C&C server provided another script. As a result, infected devices connected to the target site every second to create an excessive load on the resource.
“ESET experts witnessed the work of six more such scripts, each of which contained a new target domain for the devices included in the botnet. Were attacked famous news sites and e-commerce sites, most of which are located in Turkey”, – notes Lukas Stefanko.
Since February 2, 2020, the script has been distributed empty, which means that attackers tried to exploit their botnet for two more days after Google stopped Updates for Android.
Let me remind you that China declared a real war on DDoS services, and in a rather non-obvious way, they decided to fight DDOS attacks in Ubisoft: DDoS attacks on Ubisoft almost completely stopped after company threatens with a lawsuit.
User Review( votes)