Click to Skip Ad
Closing in...
  1. Prime Day Deals 2021
    04:05 Deals

    Amazon Prime Day deals 2021: See hundreds of the best deals right here

  2. Amazon Dash Smart Shelf
    15:16 Deals

    I’m obsessed with this Amazon gadget you’ve never heard of – and it&#821…

  3. Amazon Prime Day Deals 2021
    12:56 Deals

    Amazon just announced a ton of new deals for day 2 of Prime Day

  4. Amazon Gift Card Prime Day Deals
    07:58 Deals

    Free money is definitely Amazon’s hottest deal of Prime Day 2021

  5. Prime Day Nest Thermostat Deal
    16:28 Deals

    The newest Nest Thermostat rarely goes on sale, but it’s $99.98 for Prime Day

Sockbot Android malware discovered in eight popular apps on Google Play

October 19th, 2017 at 4:42 PM
android sockbot malware

If you still aren’t being cautious about which apps you choose to download on your Android phone or tablet, perhaps this latest report will convince you to start taking the warnings seriously. This month, Symantec discovered a new type of Android malware called Sockbot which poses as legitimate apps on Google Play and then adds the devices of users who downloaded the app to a botnet, allowing attackers to create fake ad traffic.

Symantic claims that at least eight Sockbot apps have been identified, each of which has been downloaded between 600,000 and 2.6 million times. The stated purpose of the apps is to modify the skins of characters in Minecraft: Pocket Edition, but behind the scenes, the malware is generating illicit ad revenue.

As Symantec explains on its blog, the Sockbot malware connects to a command and control (C&C) server, opens a socket using the SOCKS proxy mechanism and connects to a specified IP address. Once the connection has been made, a command to connect to a server is issued. Then the app receives a list of ads and the ad fraud begins.

Image source: Symantec

While this is a relatively innocuous use case, Symantec notes that the malware “could easily be extended to take advantage of a number of network-based vulnerabilities, and could potentially span security boundaries.” In other words, attackers could potentially use Sockbot to carry out DDoS attacks going forward.

The good news is that Symantec notified Google of the eight apps on October 6th, at which point the company quickly removed them from the Google Play store. But keep in mind that millions of Android users downloaded these seemingly innocent apps before they were found to be infected. You can never be too careful.

Jacob started covering video games and technology in college as a hobby, but it quickly became clear to him that this was what he wanted to do for a living. He currently resides in New York writing for BGR. His previously published work can be found on TechHive, VentureBeat and Game Rant.

Popular News