Android.DDoS.1.origin, as it’s called, is Russian
and disguises itself as the Google Play icon once downloaded. When opened, the
app takes its victims to the actual Google Play store so as to distract the
user. In the background, however, it searches for its command and control
server — and if a connection is made, the app sends the infected phone’s number
to the criminals. These hackers then administer commands to the app via text
messages.
Commands include launching a DDoS attack or
sending other text messages. Doctor Web suggests that the text message function
could be used to spam others in the phone’s contact list, prompting them to
either download the app or something else the hackers are pushing.
Nowadays when we think of DDoS attacks, we
often are reminded of Anonymous, the hacker collective that launches a number
of these attacks in the name of political protest. We’ve seen DDoS attacks take
down a number of important websites, including those of the CIA, financial
institutions, and others. These attacks send large amounts of traffic toward a
certain website’s servers in an attempt to overload the system and shut it
down.
With this app, however, hackers with DDoS
intentions are roping in innocent bystanders to do the dirty work. This isn’t
the first time we’ve seen a campaign like this. In the case of the CIA
website’s takedown, Anonymous was accused of distributing links on Twitter to
Low Orbit Ion Cannons (LOIC). These “cannons” send thousands of packets of
information to a targeted server per second. When the Twitter links were
clicked on, unsuspecting visitors would suddenly be roped into the attack.
Doctor Web goes on to say that the app can
cause the phone to perform poorly, and can actually run up the owner’s bill by
texting premium numbers.