Godless Android malware offers serious firepower to a botnet herder

One of the most concerning characteristics of the Godless malware is the ability to receive remote instructions on which app to download and install on mobile devices, without the user’s knowledge. This is called command and control (C&C).

Being a DDoS subject matter expert, I believe this has the makings of something more insidious than malicious ads. Nearly one million infected Android devices connected to 4G LTE networks offer some serious firepower for a botnet herder.

According to Verizon, 4G LTE download speeds are between 5 and 12 Mbps, and upload speeds are between 2 and 5 Mbps. Today, Android and other smartphones have access to more bandwidth over 4G than most people have in their home, not to mention their businesses. Doing the math, one million devices each with 2 to 5 Mbps of upload capacity could theoretically generate between 2 and 5 terabits per second of traffic. Just imagine if that were all DDoS attack traffic.

Botnet masters who launch DDoS attacks are always looking for ways to increase the impact of their attacks. Botnets made up of Android devices are a complete reality and, scarily, they can extend beyond mobile devices. For example, alarm systems, televisions, or any other device running Android could potentially become part of a botnet.

All an attacker needs to do is somehow plant the code to launch an attack (which could be in the form of an app) on one of these Android devices, paving the way for the command and control backdoor needed to launch such a “concerted” attack. Non-Android devices can easily become part of a botnet as well. This is in no way intended to be specific to Android.

One thing the industry may not be aware of is the real threat to a mobile network when nearly one million mobile devices have command and control enabled. The possibility of a denial of service attack against components in the mobile operator’s Evolved Packet Core (EPC) is also a reality. Researchers suggest that components could be taken offline by a denial of service attack, affecting the interworking of a mobile operator’s network.

This denial of service scenario is very different from the DDoS attacks we hear about so often. Instead of an attack coming from the Internet toward the mobile operator, this attack scenario originates from within the mobile network itself.

Not only could this type of attack impact people’s phone service, but it could also impact any device connected to a 4G LTE network, such as home alarm systems, emergency responders, and so on. Unfortunately for those who don’t like horror stories, this scenario is reality, and mobile operators need to be prepared to provide the proper defense.