Infected Minecraft Apps Could Potentially Turn Over 2 Million Android Devices Into a Botnet Army

By on

We all love a good game, especially those that allow us to create and innovate with the touch of our fingertips. That’s why the video game Minecraft, which allows players to build constructions out of textured cubes, has grown in popularity. It’s become so popular, in fact, that there’s even mobile app versions of the game.

And now malicious versions of these apps exist too. Just this week, cybersecurity researchers discovered Minecraft Android apps in the Google Play store that have been infected with Sockbot malware. These eight apps have been designed to enslave the devices that download them into a botnet army, and have impacted almost 2.6 million devices already.

These apps managed to sneak their way onto Google Play through the art of deception. Basically, the infected apps posed as add-on functionality for the popular Minecraft: Pocket Edition (PE) game. They are not official Minecraft apps but instead offer “skins” which can be used to modify the appearance of in-game characters.

Once downloaded, however, the apps’ true intentions come out. At first, it was thought that the apps were originally aimed at generating illegitimate ad revenue. Some apps were found connected to a command-and-control server (C&C) that supplied the apps with a list of ads and metadata to launch ad requests. But instead of generating revenue, Sockbot created a SOCKS proxy, which is basically a gateway between a local network (e.g., all the devices in one building) and a larger-scale network, in order to enslave devices into a botnet army. And so far, its recruited quite a few soldiers, as its been reported that 2.6 million devices have been hit already.

Fortunately, these apps have been flagged to Google, who quickly removed them from their official app store. However, with millions of devices already impacted, it’s important Android users keep these tips in mind:

  • Only download apps from the original developer. As fun as it is to enhance your game, you should only download add-ons and alternative apps that have been created by the original developer. In the case of Sockbot malware, Android users could’ve avoided infection if they only downloaded applications from the makers of Minecraft themselves.
  • Do your homework.Before you download an app, make sure you head to the reviews section of an app store first. Take the time to sift through the reviews, and keep an eye out for ones that mention that the app has had issues with security or might be a bit sketchy. It helps to research the developer too. When in doubt, don’t download any app that is remotely questionable.
  • Use a mobile security solution. As malware campaigns continue to infect mobile applications, make sure your mobile devices are prepared for any threat coming their way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

Categories: Consumer Threat Notices
Tags: , ,

Leave a Comment

Similar articles

If you’re a gamer, you know how important virtual currency is. It allows you to purchase new costumes and weapons to personalize your avatar. But how does one go about gaining virtual currency? Players complete in-game challenges and are rewarded with coins to spend in their virtual world. These challenges can be pretty difficult and ...
Read Blog
Cryptocurrency mining is the way transactions are verified and added to the public ledger, a database of all the transactions made around a particular piece of cryptocurrency. Cryptocurrency miners compile all of these transactions into blocks and try to solve complicated mathematical problems to compete with other miners for bitcoins. To do this, miners need ...
Read Blog
The authors thank their colleagues Oliver Devane and Deepak Setty for their help with this analysis. McAfee Labs researchers have discovered new Russian malware, dubbed WebCobra, which harnesses victims’ computing power to mine for cryptocurrencies. Coin mining malware is difficult to detect. Once a machine is compromised, a malicious app runs silently in the background ...
Read Blog