Sockbot Android malware discovered in eight popular apps on Google Play

Play Store app

The stated goal of the apps is to modify the skins of characters in Minecraft: Pocket Edition, but behind the scenes, the malware is generating illicit ad revenue. A single developer account named FunBlaster is associated with the campaign. This is according to a blog post published Wednesday by researchers from Symantec.

The malware was found to be primarily targeting users in the USA, but also had some presence in Russia, Ukraine, Brazil, and Germany, according to researchers at security software company Symantec.

While this is a relatively innocuous use case, Symantec notes that the malware "could easily be extended to take advantage of a number of network-based vulnerabilities, and could potentially span security boundaries". "In addition to enabling arbitrary network attacks, the large footprint of this infection could also be leveraged to mount a distributed denial of service (DDoS) attack". App testing is also adding the ability to launch alphas or betas only in specific countries, while other regions get the production version.

Google Play Services for Instant Apps creates a special kind of bridge between native Android apps and web apps thus making it possible for users to access the essential parts of the app.

Software scans can not match a person's ability to discover "a truly creative hack", Vineet Buch, director of product management for Google Play Apps and Games, said in an interview.

Cybersecurity firm Symantec first discovered the scheme, which includes a total of eight trojan horse-like Minecraft apps infected with malware. Numerous scammers appeared to be taking advantage of lax vetting procedures for newly added apps; one titled "Mobile protection: Clean & Security VPN" rose to the top 10 grossing productivity apps in the Apple store before it was revealed to be charging users some $US99.99 ($127) a week. The vetting process is by no means foolproof, and for that reason, users in doubt should always choose not to install an app.

Related:

Comments


Other news