An app from Playstore named Updates for Android has served malware and grouped devices to launch a DDoS attack. This was reported by ESET researchers, who were the victims of this app’s DDoS attack and informed Google to be removed later. Besides gaining devices for an attack, it was also involved in ad fraud and has gained over 50,000 installs from Google Playstore.
Ad-fraud and DDoS attack
Though installing from official app stores like Google Playstore is recommended, threat actors will somehow manage to sneak in their malicious apps into it. And users installing will be facing consequences like data theft, ad fraud, or being served in IoT botnets. Here’s one such network created by an attacker, who, under his malicious app as Updates for Android, created a botnet to attack a cybersecurity website!
ESET researcher, Lukas Stefanko described an incident regarding a DDoS attack happened on their website, back in January. This was performed by an unknown operator, who started with an app from Google Playstore. The app, Updates for Android has over 50,000 downloads from Playstore but has malware in it for two weeks before attacking the website, eset.com.
After being installed, it did serve news to look legitimate but also indulged in ad fraud. Besides displaying in-app ads, it’s also displaying ads from the device’s default browser, without any permissions. Further, two weeks before launching the DDoS attack on eset.com, it started gathering devices by infecting and adding to its botnet.
Attaining the purpose
ESET researchers have tracked back the operator’s C2 server and tried to know the attacker. In this pursuit, they found many other scripts that are supposed for attacking e-commerce and news websites, mostly based in Turkey. The researchers have informed Google about this, and the app was taken down. Yet, it’s still available in third-party app stores.