A fake Google Play app is secretly recruiting clueless Android devices around the world and turning them into cold-blooded DDoS attackers. (Any similarity to fundamentalist religious movements is purely coincidental. Ed)
The fake app actually works, as it allows users to browse Google’s store, but in the background it is plotting to take over as many devices as possible and enlist them in a nasty botnet. The name of the malicious app has not been released yet, but the Trojan is called “Android.DDoS.1.origin” in a report by Russian security outfit Doctor Web.
The app uploads the device’s phone number to the malware authors and receives instructions via text messages.
"Supported directives include attack a specified server and send SMS. If criminals want the Trojan to attack a server, a command message will contain the parameter [server:port]," the firm reports.
The app can launch a DDoS attack, but it can also send out SMS spam. There is also a chance that the app could be used to send text messages to premium numbers, making it very costly for users.
It is still unclear how the app is spreading. Apparently Google Play has nothing to do with it and it is probably offered on third-party app markets.