Researchers at Doctor Web found a new trojan app in the Google Play store that can launch distributed denial of service attacks when opened.
Android.DDoS.1.origin, as it’s called, is Russian and disguises itself as the Google Play icon once downloaded. When opened, the app takes its victims to the actual Google Play store so as to distract the user. In the background, however, it searches for its command and control server — and if a connection is made, the app sends the infected phone’s number to the criminals. These hackers then administer commands to the app via text messages.
Commands include launching a DDoS attack or sending other text messages. Doctor Web suggests that the text message function could be used to spam others in the phone’s contact list, prompting them to either download the app or something else the hackers are pushing.
Nowadays when we think of DDoS attacks, we often are reminded of Anonymous, the hacker collective that launches a number of these attacks in the name of political protest. We’ve seen DDoS attacks take down a number of important websites including the CIA’s, financial institutions, and others. These attacks send large amounts of traffic toward a certain website’s servers in an attempt to overload the system and shut it down.
With this app, however, hackers with DDoS intentions are roping in innocent bystanders to do the dirty work. This isn’t the first time we’ve seen a campaign like this. In the case of the CIA website’s take down, Anonymous was accused of distributing links on Twitter to low-orbit-ion-canons (LOIC). These “cannons” send thousands of packets of information to a targeted server per second. When the Twitter links were clicked on, unsuspecting visitors would suddenly be roped into the attack.
Doctor Web goes on to say that the app can cause the phone to perform poorly, and can actually run up the owner’s bill by texting premium numbers.