Google Play Store Minecraft-based apps are infected with Sockbot malware, say researchers

Google Play Store is in trouble again. Researchers have found out that the Android app store has been hosting several harmful Minecraft-based apps that end up wreaking havoc on the mobile devices it’s downloaded by creating botnets. Symantec researchers said that as many as eight apps, which have been found in the store, are infected with the Sockbot malware and they have an approximate install base of 600,000 to 2.6 million devices.

The American software company in a blog post noted that the apps were able to fool the Google Play Store barriers by disguising themselves as add-on functionality for the Minecraft: Pocket Edition (PE) game. They are not related to the main app but provide “skins” which can be used to change the appearance of the characters playable in the game. The Sockbot malware appears to be focused on users who are in the United States but its presence has also been felt in Russia, Ukraine, Brazil, and Germany.

In the blog post, Symantec writes, “The app connects to a command and control (C&C) server on port 9001 to receive commands. The C&C server requests that the app open a socket using SOCKS and wait for a connection from a specified IP address on a specified port. A connection arrives from the specified IP address on the specified port, and a command to connect to a target server is issued. The app connects to the requested target server and receives a list of ads and associated metadata (ad type, screen size name). Using this same SOCKS proxy mechanism, the app is commanded to connect to an ad server and launch ad requests.”

The presence of these apps was noted to Google on 6th October and they were, thankfully, removed from the store by the online search giant. However, repeated attacks and presence of malicious apps in the Google Play Store for many makes one question if Google is taking adequate measures to safeguard the interests of its consumers.