SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
19 Oct 2017

Google Play apps with as many as 2.6m downloads added devices to botnet

Google has booted eight Android apps from its Play marketplace, even though the apps have been downloaded as many as 2.6 million times.

The industry giant took action after researchers found that the apps add devices to a botnet and can perform denial-of-service attacks or other malicious actions.

The stated purpose of the apps is to provide a skin that can modify the look of characters in the popular Minecraft: Pocket Edition game. Under the hood, the apps contain highly camouflaged malware known as Android.Sockbot, which connects infected devices to developer-controlled servers. This is according to a blog post published Wednesday by researchers from Symantec. The malware mostly targets users in the US, but it also has a presence in Russia, Ukraine, Brazil, and Germany.

When the researchers ran an infected app in their laboratory, they found it establishing a persistent connection based on the Socket Secure (SOCKS) protocol to a server that delivers ads. The SOCKS proxy mechanism then directs the infected device to an ad server and causes it to request certain ads be displayed.

"This highly flexible proxy topology could easily be extended to take advantage of a number of network-based vulnerabilities, and [it] could potentially span security boundaries," the Symantec researchers wrote. "In addition to enabling arbitrary network attacks, the large footprint of this infection could also be leveraged to mount a distributed denial of service (DDoS) attack."

The post showed that one of the abusive apps was called Assassins Skins for Minecraft. The post didn't name the other seven apps. Google Play showed that the apps had been downloaded from 600,000 to 2.6 million times before they were removed.

Wednesday's post should serve as a reminder that Google is chronically unable to detect untrustworthy apps before allowing them into its official app bazaar. This puts Android users in a difficult predicament that requires them to carefully think through a list of considerations before installing an app.

These considerations include how useful or valuable the app truly is, whether it comes from a recognized developer that has been operating for a long time, and whether other users have left comments reporting suspicious behavior. The vetting process is by no means foolproof, and for that reason, users in doubt should always choose not to install an app.

Tags:
Google Play Android information leaks
Source:
Ars Technica
1650
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015