
Malicious Apps in Global App Stores Increase, Leading to Emergence of WireX Mobile Botnet, RiskIQ’s Q3 Mobile Threat Landscape Report Finds

ID: 1530374

(businesspress24) - London - Dec. 12, 2017 - Malicious mobile apps are back on the rise, impersonating brands and fooling consumers, according to digital threat management leader RiskIQ, in its Q3 mobile threat landscape report, which analysed 120 mobile app stores and more than 2 billion daily scanned resources. In listing and analysing the app stores hosting the most malicious mobile apps and the most prolific developers of malicious apps, the report documents an increase in blacklisted apps over Q2, as well as the continued issues of imitation and trojan apps in official app stores and the emergence of the massive WireX mobile botnet.

Feral apps and Google Play are main sources of blacklisted apps

Other leading blacklisted app sources
In third place, secondary store AndroidAPKDescargar had comparable numbers to Google and feral apps. In Q3, it more than doubled its number of malicious apps to 20,907, making up about one-third of its total app count and outpacing all other stores by more than 10,000.

Rounding out the top four, ApkFiles rocketed to a huge number (25,545) in Q1 and then dropped off in Q2 before recovering slightly in Q3. Meanwhile, 97 percent of

Based on this data, RiskIQ concluded that some stores are being created and pumped up with huge numbers of malicious apps in short order. The firm

Playing the imitation game
One way malicious apps spread is through imitating others that are well known and popular. The report found that antivirus, dating, messaging, and social networking apps are favourite targets for this game. The Google Play store, in particular, is fertile ground for these attacks. Querying RiskIQ data for apps in the Play store since the start of Q3 - containing the word

WireX mobile botnet emerges
Coinciding with the increase in dangerous/imitation apps, Q3 also saw the emergence of a massive mobile botnet attack, known as WireX. In August, RiskIQ, Akamai, Cloudflare, Flashpoint, Google, Oracle Dyn, Team Cymru, and others collaborated to take down the new threat, which affected the devices of at least 70,000 Android users globally. After a short development stage, on Aug. 17, the botnet struck several content delivery networks (CDNs), with between 130,000 and 160,000 unique IPs observed from 100+ countries.

Around 300 apps tied to WireX were identified in total, a subset of which was found in official app stores, such as the Play store. Google moved to block these apps and to remove them from all Android devices. These apps masquerade as media and video players, ringtones, and storage managers. Once installed, they activate hidden functionality to communicate with command and control servers and launch attacks, whether the app is in use or not.

In this instance, extraordinary collaboration among security professionals was able to hamstring WireX before it could launch more devastating attacks. However, the botnet is not dead, and researchers are still encountering examples of its malicious apps in the wild. It may not be long before the rise of a new mobile botnet built through the spread of malicious Android apps.

For specific metrics or to learn more, download the RiskIQ Mobile Threat Landscape Q3 2017 Report:


Company information / Profile:

RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organisation’s digital presence. With more than 70 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social, and mobile exposures. Trusted by thousands of security analysts, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk, and take action to protect business, brand, and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners, and MassMutual Ventures.

Visit or follow us on Twitter.



PressContact / Agency:

Haydn Stokes
Atomic PR
+44(0)203 861 3845

published by: RealWire

Date: 12/12/2017 - 14:24
Company: RealWire
Contact: Fran Cator
City: Lincoln
Phone: +44 (0)1522 883640
