DDoS attack on ESET

From the sources, ESET researcher Lukas revealed details about an android app that used to target the ESET website with DDoS attacks.

The app appeared  “updates for android which seems like a new update. The main thing it was linked with a website i-updater.com that was really fascinating. It seems that it is not harmful and that may cause thousands of downloads.”

According to ESET analysis, the malicious app has an inbuilt ability to load and execute malicious JS on the target device. This may really not happen it appeared online in late 2019. Hence, it was avoided by the google play store’s security.

What really it effect

As the result came, it turned the devices of all its users into its “botnet”.The interesting part is that it displayed the ads on the devices which helps to hide app icons and in between the app start downloading malicious javascript from the attacker’s server to run on user’s devices.

However, the availability to execute JS is what the attackers used to wages a DDoS attack

“The DDoS attack starts with the machines who compromised while receiving a command to load the vulnerable script that specifies the targeted domain. When the script is loaded, the machine starts making requests to the targeted domain.”

This all happens till they don’t reach the ESET website, the team of ESET detected the source behind the attack.

Take Down the App

After finding the threat, the ESET team got in touch with Google who eventually removed the app from the play store. The researcher also checks the website i-updater.com remained up as it was not malicious. When the team checks the website it appeared as a blank page. The site is fully cleaned and no traces are found of threat and malicious script.

Conclusions came after that the attacker may go underground and rebuild the site in a new manner.

The post ESET Website under DDoS attack by Malicious Android App appeared first on Vednam.