It's been an unfortunately busy few weeks for Android vulnerabilities. Earlier in the month, we wrote about SonicSpy, a grandiose piece of malware that could gain an incredible amount of control over your device - including, of course, being able to record your audio. Just last week, we followed-up with another story talking about the 500 apps Google obliterated from the Play Store that bundled an exploited ad network.
Today, WireX is the name of the game, a piece of malware whose sole purpose is to turn our innocent mobile devices into a DDoSing bot network. On August 17, WireX hit many content providers, as well as content delivery networks, with a surge of traffic to render them useless.
If an app requires abnormal permissions, it's best to play it safe
As has become a theme, this malware didn't just find itself into one app, or even several. Instead, 300 WireX-bundled apps were removed from the Play Store by Google.
Because the WireX incident was so wide-reaching, a number of other important companies jumped in to help diagnose how the attack all came together. Those include Akamai, CloudFlare, and Flashpoint, a security research firm that has detailed this attack in great detail. Flashpoint says that without collaboration, all of the information available right now simply wouldn't exist.
Ultimately, this issue once again reminds us that we need to be careful about what we download from the Play Store. Not always, but most malware seems to be found in the most off-the-wall apps that obviously lack professionalism. If you feel like you're in the depths of the Play Store, it'd be best to play it safe.