Fake Google Play App Uses Infected Phone to Launch DDoS
This malware installs as Google Play and even lets infected users browse Google's storefront while secretly sending and receiving commands from malware authors.
Russian anti-virus vendor Doctor Web (Dr. Web) is now warning Android device customers about a recently discovered app that can turn a smartphone into a platform for launching DDoS attacks without the owner's knowledge.
Although the security firm didn't reveal the actual listed name of the malicious app, it's called "Android.DDoS.1.origin" in the report, and is based out of Russia. Once the app in question is downloaded and installed on an Android smartphone, it's disguised as the Google Play icon. It even connects the user to Google's virtual storefront when launched.
But as Android users browse the virtual aisles of Google Play, the app secretly connects to its command and control server and uploads the infected device's phone number to the malware authors. These hackers in turn issue commands to the fake Google Play app using text messages.
"Supported directives include attack a specified server and send SMS. If criminals want the Trojan to attack a server, a command message will contain the parameter [server:port]," the firm reports.
If the app receives a command to attack a server, it will then begin flooding a specific address with data packets. If the malicious app is required to send SMS messages instead, the command message will contain both the message text and the number of a specific destination.
"Activities of the Trojan can lower performance of the infected handset and affect the well-being of its owner, as access to the Internet and SMS are chargeable services," the firm said. "Should the device send messages to premium numbers, malicious activities will cost the user even more."
Dr. Web is still trying to determine how this malware is being spread, but there's no indication that it's residing on Google Play as suggested by other reports. It's likely offered on 3rd-party Android markets meant for devices that don't provide Google-based services like Google Play and Gmail. The firm said criminals are likely employing "social engineering tricks" in addition to disguising the malware as a legitimate application from Google.
"It is worth noting that the code of Android.DDoS.1.origin is heavily obfuscated," the security firm said. "Given that the Trojan can carry out attacks on web sites and send various text messages to any number, including those of content providers, we can assume that the malware can also be used to conduct illegal activities for third parties (e.g., attack a competitor's site, promote products with SMS or subscribe users to chargeable services by sending SMS to short numbers)."
This new Android malware is still under investigation, so stay tuned.
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then, he’s loved all things PC-related and cool gadgets ranging from the New Nintendo 3DS to Android tablets. He is currently a contributor at Digital Trends, writing about everything from computers to how-to content on Windows and Macs to reviews of the latest laptops from HP, Dell, Lenovo, and more.
wildkitten (quoting LORD_ORION: "They probably invented it."): You're likely right.
One of the ways these malware apps get spread isn't necessarily on 3rd party app stores, but on Android forums. Just a couple of days on the Phandroid forums for my phone model, someone was requesting the APK of the Google Play app. Had the person responding been someone who wanted to spread this malware, the person wanting it would have got the infected version, all the while assuming they were getting a good link from a respected Android community.
reprotected: As you can see, this is clearly an anti-Google pro-Apple article. The virus was probably made by Dr. Web, sponsored by Apple who also paid this pro-Apple editor to write this article and post it on pro-Apple website Tom's Hardware. WE'RE NOT FALLING FOR YOUR TRICKS!!!!!!
wildkitten (replying to reprotected): I see the iHaters have become extremely paranoid, and this isn't even a Zak Islam article.
Hate to break this to you, but Linux, and OS's like Android based on Linux, are vulnerable to malware. They are the perfectly safe little gardens that the blind fans have always claimed.
acerace (replying to reprotected): The most stupid thing today.
JackFrost860: it would have been more useful if Tom explained how to tell if your Android is infected
Supercrit (replying to reprotected): I thought Apple fanboys were scary, unless this is a trolling attempt or sarcasm.
house70 (replying to reprotected): The sarcasm is strong with this one...