ESET has been forced to fend off a DDoS attack facilitated by a malicious news app hosted in the Google Play Store.
On Monday, ESET researcher Lukas Stefanko described how the app, named "Updates for Android," promised users a free daily news feed. The app appeared to gather good reviews with an overall score of 4.3, but secretly, the software was creating a botnet of slave devices in order to launch Distributed Denial-of-Service (DDoS) attacks.
First uploaded to Google Play on September 9, 2019, the Android app proved popular and had over 50,000 installs at its peak.
Updates for Android posed as legitimate software by offering some news feeds and only introduced functionality that could be abused for malicious purposes in its most recent update.
"We don't know how many instances of the app were installed after the update or were updated to the malicious version," ESET noted.
Following its update, the malicious app pinged a command-and-control (C2) server belonging to its operator for commands every 150 minutes. The ID of each device with an active install of the app was also forwarded to the server.
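Seen from the network side, a fixed check-in interval like the 150-minute poll described above stands out in proxy or DNS logs because the gaps between contacts barely vary. The following detection sketch is an added example, not code from ESET's write-up; the log format, device and host names, and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log: "ISO timestamp, device, destination host".
SAMPLE_LOG = """\
2019-10-01T00:02:10 phone-a c2.example.invalid
2019-10-01T02:32:05 phone-a c2.example.invalid
2019-10-01T05:02:20 phone-a c2.example.invalid
2019-10-01T07:32:12 phone-a c2.example.invalid
2019-10-01T10:02:08 phone-a c2.example.invalid
2019-10-01T08:15:00 phone-a news.example.invalid
2019-10-01T08:16:30 phone-a news.example.invalid
2019-10-01T12:40:00 phone-a news.example.invalid
2019-10-01T19:05:45 phone-a news.example.invalid
2019-10-01T19:06:10 phone-a news.example.invalid
"""

def find_beacons(log_text, min_events=4, max_jitter=0.05):
    """Return {(device, host): median interval in minutes} for pairs whose
    contact intervals all stay within max_jitter of the median interval."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, device, host = parts
        seen[(device, host)].append(datetime.fromisoformat(ts))
    beacons = {}
    for key, times in seen.items():
        if len(times) < min_events:
            continue  # too few contacts to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mid = median(gaps)
        # Human-driven traffic (the news feed here) has widely varying gaps;
        # a timer-driven poll keeps every gap close to the median.
        if mid > 0 and all(abs(g - mid) <= max_jitter * mid for g in gaps):
            beacons[key] = round(mid / 60)
    return beacons

if __name__ == "__main__":
    for (device, host), minutes in find_beacons(SAMPLE_LOG).items():
        print(f"{device} -> {host}: every ~{minutes} min")
```

On real traffic, legitimate pollers such as update checks and push services will also match, so the output is a list of candidates to review against an allowlist rather than a verdict.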