After the investigation, the researchers discovered more than 300 tainted applications on the official Google Play Store, disguised as multimedia files, video players, ringtones, memory management tools and other applications, all containing WireX malicious code.
Like many other malicious applications, apps infected with WireX do not execute immediately after installation, in order to avoid detection. Instead, they wait for a command from the C&C server, which is located at multiple subdomains of axclick.store.
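For defenders, the C&C detail above translates into a DNS log check. The following is an added example, not code from the original article or from the researchers; the log line format, client addresses and subdomain labels are constructed assumptions, and only the parent domain axclick.store comes from the text.

```python
from collections import defaultdict

# C&C parent domain named in the article.
C2_PARENT = "axclick.store"

# Constructed sample resolver log: "<timestamp> <client-ip> <query-name> <type>".
# Subdomain labels and client addresses are made up for illustration.
SAMPLE_LOG = """\
2024-01-15T10:00:01Z 10.0.0.21 a.example-sub.axclick.store. A
2024-01-15T10:00:02Z 10.0.0.21 www.google.com A
2024-01-15T10:00:05Z 10.0.0.34 P.AXCLICK.STORE A
2024-01-15T10:00:07Z 10.0.0.40 notaxclick.store A
2024-01-15T10:00:09Z 10.0.0.40 axclick.store.example.net A
2024-01-15T10:00:11Z 10.0.0.21 u.axclick.store TXT
malformed line
"""


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def is_c2_name(name, parent=C2_PARENT):
    """True for the parent domain itself or any subdomain of it.

    Matching on a label boundary avoids false hits such as
    'notaxclick.store' or 'axclick.store.example.net'.
    """
    name = normalize(name)
    return name == parent or name.endswith("." + parent)


def find_c2_lookups(log_text, parent=C2_PARENT):
    """Return {client_ip: sorted list of matching query names}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed format
        _ts, client, qname, _qtype = fields
        if is_c2_name(qname, parent):
            hits[client].add(normalize(qname))
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for client, names in sorted(find_c2_lookups(SAMPLE_LOG).items()):
        print(client, ", ".join(names))
```

Clients that appear in the result are candidates for a closer look at their installed applications.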
Google has detected and blocked almost 300 applications, which were mostly downloaded by users in Russia, China and other Asian countries. Even so, the WireX botnet still operates on a small scale.
If your device is running Android with a new version of Google Play Protect, WireX apps will automatically be deleted from the device. Google Play Protect is a new security feature that uses machine learning and analysis of application usage to remove (uninstall) malicious applications.