Millions of mobile devices are now making requests in what's described as "an attack on the economy."
Botnets have tended to hide in the nooks and crevices of servers and endpoint devices. Now a growing number are hiding in the palms of users' hands. That's one of the conclusions of a new report detailing the evolving state of malicious bots.
"Mobile Bots: The Next Evolution of Bad Bots" examined requests from 100 million mobile devices on the Distil network from six major cellular carriers during a 45-day period. The company found that 5.8% of those devices hosted bots used to attack websites and apps – which works out to 5.8 million devices humming away with activity that their owners know nothing about.
"The volume was a surprise," says Edward Roberts, senior director of product marketing at Distil Networks. The research team even took another sampling run to verify the number, he says. In all, "One in 17 network requests was a bad bot request," Roberts says,
Another significant step in the evolution of these bots is their use. The "traditional" use of botnets is as an engine for distributed denial-of-service (DDoS) attacks or spam campaigns. These mobile bots, though, seem to be focused on a different sort of attack.
"It's an attack on the economy," Roberts says, describing the activity in which bots repeatedly scrape prices from a retail site so that a competitor can constantly match or undercut the price.