Malicious Minecraft-based Android apps have been uncovered in the Google Play store which compromises devices for the creation of botnets. On Wednesday, researchers from Symantec said that eight apps hosted on the store were infected with the Sockbot malware, with an install base ranging from 600,000 to 2.6 million devices. In a blog post, Symantec said the apps managed to worm their way into the official Google Play Android app store by posing as add-on functionality for the popular Minecraft: Pocket Edition (PE) game. They are not official Minecraft apps but instead offer “skins” which can be used to modify the appearance of in-game characters. The security team believes the apps were originally aimed at generating illegitimate ad revenue. One of the apps was observed connecting to a C&C server for orders to open a socket using SOCKS before connecting to a target server, which gave the app a list of ads and metadata to launch ad requests.
Full article here.