Google Play apps with as many as 2.6m downloads added devices to botnet

by Dan Goodin, from Ars Technica

Google has booted eight Android apps from its Play marketplace, even though the apps have been downloaded as many as 2.6 million times. The industry giant took action after researchers found that the apps add devices to a botnet and can perform denial-of-service attacks or other malicious actions.

The stated purpose of the apps is to provide a skin that can modify the look of characters in the popular Minecraft: Pocket Edition game. Under the hood, the apps contain highly camouflaged malware known as Android.Sockbot, which connects infected devices to developer-controlled servers. This is according to a blog post published Wednesday by researchers from Symantec. The malware mostly targets users in the US, but it also has a presence in Russia, Ukraine, Brazil, and Germany.

When the researchers ran an infected app in their laboratory, they found it establishing a persistent connection based on the Socket Secure (SOCKS) protocol to a server that delivers ads. The SOCKS proxy mechanism then directs the infected device to an ad server and causes it to request certain ads be displayed.
