HackRead
Android Apps Infected with Sockbot Malware Turn Devices into Botnet

October 19th, 2017 Waqas Security, Android, Malware

Cybercriminals are apparently well aware that Minecraft is a truly profitable game, which is perhaps why they are eager to find new ways of exploiting it. Reportedly, a number of Minecraft-oriented Android apps available on the Google Play Store are infecting devices and enlisting them in a botnet.

According to research conducted by Symantec's cybersecurity researchers, eight apps on the Google Play Store are infected with an embedded malicious Trojan called Sockbot. The installation scope of this malware campaign is wide, with approximately 600,000 to 2.6 million devices targeted so far. The apps posed as add-ons for the Minecraft: Pocket Edition game in order to get listed on the Google Play Store.

However, these are not official Minecraft apps; they only provide skins for changing the appearance of characters in the game. The apps are designed to generate ad revenue through illegal means. One of the eight apps was found communicating with a command and control (C&C) server for instructions to open a socket using SOCKS before connecting to the targeted server. The C&C server provided a list of ads and metadata to drive ad requests. In reality, however, the app is not meant to display ads but to compromise mobile devices for nefarious purposes.

After being installed on a device, the app asks for a range of permissions, including displaying alerts, accessing GPS data, opening network connections, accessing the Wi-Fi service, and reading and writing external storage.
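The permission set described above can be checked for during app vetting. The following is an added example, not code from the article or from Symantec: it audits a decoded (text) AndroidManifest.xml, for instance one produced by apktool, and flags an app that requests most of that set. The mapping from the article's wording to Android permission names, the threshold, and both sample manifests are assumptions of this example.

```python
import xml.etree.ElementTree as ET  # for untrusted manifests, prefer defusedxml

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: capabilities named in the article, mapped by this example to
# standard Android permission names (the article gives no identifiers).
REPORTED = {
    "android.permission.SYSTEM_ALERT_WINDOW": "display alerts",
    "android.permission.ACCESS_FINE_LOCATION": "GPS data",
    "android.permission.INTERNET": "open network connections",
    "android.permission.ACCESS_WIFI_STATE": "Wi-Fi service",
    "android.permission.READ_EXTERNAL_STORAGE": "read external storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "write external storage",
}

def _manifest(package, perms):
    """Build a constructed, decoded-text manifest for the demonstration."""
    uses = "".join(
        f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application/></manifest>')

# Constructed samples; neither is taken from a real app.
SKIN_APP = _manifest("com.example.skins", [
    "SYSTEM_ALERT_WINDOW", "ACCESS_FINE_LOCATION", "INTERNET",
    "ACCESS_WIFI_STATE", "WRITE_EXTERNAL_STORAGE", "VIBRATE"])
NOTES_APP = _manifest("com.example.notes", ["INTERNET"])

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = (el.get(ANDROID_NS + "name") or "").strip()
            if name:
                names.add(name)
    return names

def audit(manifest_xml, threshold=4):
    """Flag a manifest that requests at least `threshold` of the listed permissions."""
    root = ET.fromstring(manifest_xml)
    matched = sorted(requested_permissions(manifest_xml) & set(REPORTED))
    return {"package": root.get("package"),
            "matched": matched,
            "capabilities": [REPORTED[p] for p in matched],
            "flagged": len(matched) >= threshold}

if __name__ == "__main__":
    for sample in (SKIN_APP, NOTES_APP):
        print(audit(sample))
```

A flag here is a triage signal only: each of these permissions has legitimate uses, so the result is worth weighing against what the app claims to do (a cosmetic skin add-on has little need for location or overlay access).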


[Image: One of the malware-infected Minecraft apps. Credit: Symantec]

Sockbot creates a SOCKS proxy to generate ad revenue and to make the device part of a botnet. According to Symantec, the proxy topology is “highly flexible”: it can easily be extended to take advantage of network vulnerabilities and can effectively span security perimeters. Apart from executing “arbitrary network attacks,” the wide-ranging scope of this infection could be used to launch a DDoS (distributed denial of service) attack.

A developer using the alias FunBaster has been linked to the malicious apps. The developer signs every app with a unique developer key and has ensured that the app's code is obfuscated, while the key string is also encrypted. If the code could be decrypted, it would be clear how the apps managed to get past Google's security processes and onto the Play Store.

A botnet is a number of Internet-connected devices, each of which is running one or more bots.

Symantec notified Google of the malicious apps on its store on October 6th, after which the company removed them. However, there are many other malware-infected apps on the Google Play Store that might trick Android users, so avoid downloading unnecessary apps and use anti-virus software.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
