Introduction \r\n On August 17, 2017, multiple content delivery networks (CDNs) and content providers were subject to significant attacks from a botnet dubbed WireX. The botnet is named for an anagram of one of the delimiter strings in its command and control protocol. The WireX botnet comprises primarily Android devices running malicious applications and is designed to create distributed denial-of-service (DDoS) traffic. The botnet is sometimes associated with ransom notes to targets. \r\n Approximately one week later, Google was alerted that this malware was available on its Play Store. Shortly following the notification, Google removed hundreds of affected applications and started the process to remove the applications from all devices. \r\n Researchers from Akamai, Cloudflare , Flashpoint , Google, Oracle Dyn, RiskIQ , Team Cymru, and other organizations cooperated to combat this botnet.…