Eight Apps on Google Play Store Infected with Sockbot Malware

The Google Play Store removed eight Android apps after hundreds of thousands of users downloaded and installed apps containing the Sockbot malware.

If you aren’t cautious about downloading random apps from online app stores like Google Play Store, then it’s time you were.

A recent report from the security firm Symantec discovered that Sockbot, a new type of Android malware, was running rampant in the app marketplace.

It was posing as normal apps in the Google Play Store, which led to many people downloading the malware. These apps were made by a company called FunBaster.

Hundreds of thousands of people from all over the world visit the Android app store every day, and to prevent more users from downloading the malware, the Google Play Store has now removed all the known infected applications and discontinued the developer account.

In their report, researchers at Symantec stated that at least eight infected Android apps were identified as having been downloaded in the last few days.

Symantec didn’t reveal the names of all eight apps, but one of them was known to be an app called “Assassins Skins for Minecraft.”

The total number of downloads is estimated to be between 600,000 and 2.6 million, causing concern in the security department at Google.

The Android apps in question were disguised as normal skin modifier apps that allow you to change the appearance of characters and objects in Minecraft: Pocket Edition.

Minecraft is, of course, one of the most popular games to ever have been made, so it was no surprise that many eagerly downloaded the infected Android applications.

Once downloaded, the Sockbot malware started generating illicit ad revenue from the unsuspecting users.

What is Sockbot Malware?

The Sockbot malware is a new type of malicious program that adds the devices of users who downloaded the infected Android apps to a botnet. This allows the malware to generate fake and illegal ad traffic.

The experts at Symantec assert that once the Sockbot malware is downloaded, it connects to a command-and-control (C&C) server. Then it proceeds to open a socket by utilizing the SOCKS proxy mechanism to connect to a targeted IP address.

Once the program is connected, it issues a command to connect to the server and the infected app starts receiving a whole list of ads to generate revenue.

The program collects information from ads—such as the type of ad, the screen size, name, etc. And the key strings in the malware are encrypted to help avoid basic-level detection.
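The SOCKS step described above is something a defender can look for in captured traffic. The following is an added example, not code from Symantec's report or from this article: it parses the first client bytes of a TCP flow as a SOCKS request and flags flows that match. The page does not state which SOCKS version Sockbot uses, so handling SOCKS4, SOCKS4a and SOCKS5 is an assumption, and the device addresses and flows are constructed samples.

```python
import ipaddress
import struct

COMMANDS = {1: "CONNECT", 2: "BIND", 3: "UDP_ASSOCIATE"}

def parse_socks_request(payload: bytes):
    """Parse the first client bytes of a TCP flow; None if not a SOCKS4/4a/5 request."""
    try:
        if payload[0] == 4 and payload[1] in (1, 2):
            # SOCKS4: VN CD DSTPORT(2) DSTIP(4) USERID NUL
            cmd, ip = payload[1], payload[4:8]
            (port,) = struct.unpack(">H", payload[2:4])
            end = payload.index(b"\x00", 8)  # NUL that terminates USERID
            if ip[:3] == b"\x00\x00\x00" and ip[3]:  # SOCKS4a: hostname follows
                host = payload[end + 1:payload.index(b"\x00", end + 1)].decode("ascii")
            else:
                host = str(ipaddress.IPv4Address(ip))
            return ("4", COMMANDS[cmd], host, port)
        if payload[0] == 5 and payload[2] == 0 and payload[1] in COMMANDS:
            atyp = payload[3]  # SOCKS5: VER CMD RSV ATYP DST.ADDR DST.PORT
            if atyp == 1:
                host, off = str(ipaddress.IPv4Address(payload[4:8])), 8
            elif atyp == 4:
                host, off = str(ipaddress.IPv6Address(payload[4:20])), 20
            elif atyp == 3:  # length-prefixed domain name
                off = 5 + payload[4]
                host = payload[5:off].decode("ascii")
                if len(host) != payload[4]:
                    return None  # domain name cut short
            else:
                return None
            (port,) = struct.unpack(">H", payload[off:off + 2])
            return ("5", COMMANDS[payload[1]], host, port)
    except (IndexError, ValueError, struct.error):
        pass  # truncated or malformed: not a SOCKS request
    return None

# Constructed sample: (device address, first client bytes of the flow)
SAMPLE_FLOWS = [
    ("10.0.0.21", b"GET /ads HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("10.0.0.21", b"\x05\x01\x00"),                              # SOCKS5 greeting only
    ("10.0.0.21", b"\x05\x01\x00\x01\xcb\x00\x71\x0a\x00\x50"),  # SOCKS5 CONNECT, IPv4
    ("10.0.0.34", b"\x04\x01\x1f\x90\xc6\x33\x64\x07\x00"),      # SOCKS4 CONNECT
    ("10.0.0.34", b"\x05\x01\x00\x03\x0cexample.test\x01\xbb"),  # SOCKS5 CONNECT, domain
]

def flag_socks_flows(flows):
    """Return [(device, parsed_request)] for flows that begin with a SOCKS request."""
    return [(dev, req) for dev, data in flows if (req := parse_socks_request(data))]
```

SOCKS requests in flows involving a phone are unusual enough that each hit is worth correlating with the app that owns the socket.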

Luckily, the people at Symantec started taking a closer look at the infected apps and identified Sockbot’s presence. So far, users in the United States, Russia, Ukraine, Brazil and Germany have been affected.

All the infected Android applications were created by the same developer, who went by the name FunBaster. Symantec believes that whoever created the Sockbot malware wasn’t able to completely finish the development process due to their timely discovery.

While this might not sound too dangerous, the problem is that the Sockbot malware can easily be modified to cause a significant amount of damage on vulnerable networks. It could even extend itself to create security vulnerabilities.

And, if needed, a hacker could easily use the Sockbot malware to carry out DDoS (Distributed Denial-of-Service) attacks, though none have been recorded from the devices that were infected with the Sockbot malware.

This is not the first time a botnet attack has occurred recently.

A few months ago, the WireX botnet surfaced and wreaked widespread havoc by infecting anywhere from 70,000 to 120,000 Android devices.

Another botnet that was discovered this year was the GhostClicker adware, which spread to nearly 340 Android apps before it was stopped.

How to Protect Yourself from the Sockbot Malware

Sockbot malware is a new type of malicious program disguised as normal Android applications.

One of the most important things to do is to make sure that all your software is up to date. You do not want the important applications in your phone to present vulnerabilities gift wrapped to the malware.

You should also never download and install any apps from unfamiliar sites. No matter how interesting the apps may be, there is a real risk that they were created to bait you.

Make sure you download apps only from trusted and secure sites. Whenever you install an app, make sure you read all the permissions requested by it.

If you simply click “Agree” to everything, you might not even realize that you just gave the app permission to ruin your life.

Another key aspect which many people tend to ignore is using mobile security apps. While many PC security programs get flak for not working properly or efficiently, there are a few good mobile security apps.

Read up on the most secure program and download it. It will help you greatly not only to detect malicious programs in your phone but also to remove them once and for all.

More generally, the most important thing you can do to safeguard your online privacy is to always be well aware of what’s happening in the digital world.

If you’re a tech-savvy person, it is crucial that you keep yourself well informed on current digital trends, attacks and solutions. This would greatly help you to be prepared for any and all scenarios.
