For the last few months, the Android Play Store has been in the news due to various malicious apps. This time no user has been harmed, but the website of the security firm ESET was the target of a DDoS attack.
DDoS attack on ESET
According to sources, ESET researcher Lukas revealed details about an Android app that was used to target the ESET website with DDoS attacks.
The app appeared as “Updates for Android, which seems like a new update. The main thing is that it was linked with a website, i-updater.com, that was really fascinating. It seems that it is not harmful, and that may cause thousands of downloads.”
According to ESET's analysis, the malicious app has a built-in ability to load and execute malicious JavaScript on the target device. This may not have been happening when it appeared online in late 2019; hence, it got past the Google Play Store's security.
What effect it really had
As a result, it turned the devices of all its users into its “botnet”. The interesting part is that it displayed ads on the devices, which helps to hide app icons, and in between the app started downloading malicious JavaScript from the attacker's server to run on users' devices.
However, the ability to execute JS is what the attackers used to wage a DDoS attack.
“The DDoS attack starts with the compromised machines receiving a command to load the vulnerable script that specifies the targeted domain. When the script is loaded, the machine starts making requests to the targeted domain.”
This all continued until the requests reached the ESET website, where the ESET team detected the source behind the attack.
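A defender-side view of the pattern described above, as an added example that is not from ESET or the original article: it scans web access logs for minutes in which many distinct clients with Android WebView user agents dominate the traffic. It assumes the script runs inside an Android WebView, whose User-Agent carries a `wv` token (the article does not say what the requests looked like); the log lines, date, addresses and thresholds are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined log format: ip - - [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" '
                    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
WEBVIEW_RE = re.compile(r"Android.*; wv\)")  # assumption: requests come from a WebView

WV_UA = ("Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1; wv) "
         "AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 "
         "Chrome/80.0 Mobile Safari/537.36")
DESKTOP_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/73.0"

def make_line(ip, ts, ua):
    return f'{ip} - - [{ts} +0000] "GET / HTTP/1.1" 200 512 "-" "{ua}"'

# Constructed sample: one normal visitor plus five WebView clients in one minute.
SAMPLE = (
    [make_line("198.51.100.7", "10/Jan/2020:09:14:05", DESKTOP_UA)]
    + [make_line(f"203.0.113.{i}", f"10/Jan/2020:09:15:{i:02d}", WV_UA)
       for i in range(1, 6)]
    + [make_line("198.51.100.7", "10/Jan/2020:09:15:30", DESKTOP_UA)]
)

def parse(raw):
    """Return (ip, minute, user_agent) or None for an unparseable line."""
    m = LOG_RE.match(raw)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts.replace(second=0), m["ua"]

def flood_windows(lines, min_ips=3, min_share=0.8):
    """Minutes where >= min_ips distinct WebView clients send >= min_share of requests."""
    total, wv_hits, wv_ips = defaultdict(int), defaultdict(int), defaultdict(set)
    for raw in lines:
        rec = parse(raw)
        if rec is None:
            continue  # skip malformed lines instead of failing the whole scan
        ip, minute, ua = rec
        total[minute] += 1
        if WEBVIEW_RE.search(ua):
            wv_hits[minute] += 1
            wv_ips[minute].add(ip)
    return sorted(m for m in total
                  if len(wv_ips[m]) >= min_ips and wv_hits[m] / total[m] >= min_share)
```

On real traffic the thresholds need tuning against a baseline, since legitimate in-app browsers also send WebView user agents.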
Take Down the App
After finding the threat, the ESET team got in touch with Google, who eventually removed the app from the Play Store. The researcher also found that the website i-updater.com remained up, as it was not malicious. When the team checked the website, it appeared as a blank page. The site was fully cleaned, and no traces of the threat or the malicious script were found.
The conclusion drawn afterwards was that the attacker may go underground and rebuild the site in a new form.