McAfee Discovered a Malicious Mobile Phone Botnet

Cybersecurity expert John McAfee has claimed that a botnet “zombie army”, built from an unidentified application installed on millions of smartphones, may, implausibly, have triggered a massive DDoS attack.

A recent distributed denial-of-service (DDoS) attack that took place between 30 November and 1 December and targeted the 13 root name servers – the infrastructure supporting a large part of the internet – may have been launched by an unwitting botnet made up of millions of phones, according to John McAfee.

Although there are thousands of secondary servers around the world that could temporarily serve as replacements, the majority of these are caching systems that hold data for a specific period of time. At the very height of the DDoS bombardment, the servers were inundated with over five million queries per second. Altogether, over 50 billion queries were made to the servers during the two days.

According to IBTimes, several cybersecurity experts, including hacker Chris Roberts and DEFCON organizer Eddie Mize, along with McAfee, note that smartphones are the most likely source of the recent DDoS attack triggered by a botnet army. They point to a simple application, such as a flashlight app, that may be unknowingly infected with malware.

Speaking to the publication, McAfee notes:

“There are smartphone apps with more than 100 million users that are known to be spying on us.

“It is trivial to build a free app which gets its ideas from a central source. As to who may have done this, I always look to those who have the most to gain or who have the largest axe to grind.”

Illustrating how powerful a botnet army of infected phones could be, he added: “If there were 100 million users of an app, only 0.1% of the phones would have to be activated in order to achieve the effects that we saw.”

He also notes that there would be absolutely no defenses in place to counter a threat of such magnitude, and that activating more phones could have led to far more dire consequences.

“If the perpetrators had activated a mere order of magnitude more phones, we would have lost the internet,” McAfee added.