Google needs to remove hundreds of malicious apps from people’s phones

Google and security researchers have found hundreds of malicious apps in the Play Store.

The search engine giant has blocked them from Google Play, which means users can’t download them anymore.

However, it says it also need to remove them from any devices they’ve already been installed on.

The apps appear to be completely legitimate, and fall into a broad range of categories, such as media players, ringtones and storage managers, say Akamai, Cloudflare, Flashpoint, Oracle Dyn, RiskIQ and Team Cymru, the security firms that discovered them.

“We identified approximately 300 apps associated with the issue, blocked them from the Play Store, and we’re in the process of removing them from all affected devices,” said Google.

“The researchers' findings, combined with our own analysis, have enabled us to better protect Android users, everywhere.”

According to security blog Krebs On Security, at least 70,000 Android devices could be affected.

The malicious apps were being used to carry out distributed denial of service (DDoS) attacks, where the target is flooded with data from a huge number of sources until it’s overwhelmed and goes down.

The apps were able to launch attacks even when they weren’t being used, or when the phone's screen was locked.

“On August 17th, 2017, multiple Content Delivery Networks (CDNs) and content providers were subject to significant attacks from a botnet dubbed WireX,” said the researchers, who also explained that not all of the malicious apps behaved in the same way.

“The WireX botnet comprises primarily Android devices running malicious applications and is designed to create DDoS traffic.”

They added: "Antivirus scanners currently recognize this malware as the 'Android Clicker' trojan, but this campaign’s purpose has nothing to do with click fraud. It is likely that this malware used to be related to click fraud, but was repurposed for DDoS."