ESET researcher Lukas Stefanko revealed details about an Android app that targeted the ESET website with DDoS attacks. Briefly, the app, dubbed “Updates for Android”, appeared on the Play Store as a news update app. It linked back to the website i-updater[.]com, which promoted the app.
The app looked and remained fairly harmless, and consequently earned thousands of downloads. According to ESET's analysis, its only malicious trait was the ability to load and execute malicious JavaScript on the target device. This ability was not present when the app first appeared online in late 2019, which is how it avoided the Google Play Store's security checks.
Since the app targeted ESET’s website, the researchers quickly detected the source behind the attack.
App is now taken down
Upon detecting the malicious app, ESET got in touch with Google, who eventually removed the app. The researchers stated, though, that the website (i-updater[.]com) remained up as it was not malicious. However, when LHN checked the website, it merely appeared as a blank page. Even the page source did not show any text besides some code for the site layout. This means that either the threat actors behind the app are planning to go underground, or they have merely wiped the site to rebuild it in a new form.