Google Play Minecraft apps with up to 2.6m downloads added devices to botnet

MinecraftGoogle has been forced to remove eight apps, with install bases ranging from 600,000 to 2.6m, from its Play Store after researchers alerted it that the apps were adding the devices to a botnet.

The malware was found to be primarily targeting users in the US, but also had some presence in Russia, Ukraine, Brazil, and Germany, according to researchers at security software company Symantec. The apps in question had the legitimate purpose of providing skins to change the look of characters in the popular game Minecraft: Pocket Edition. However, the apps contained a hidden type of malware known as Android.Sockbot.

Upon analysis, Symantec researchers found that the malware was aimed at generating illegitimate ad revenue by connecting the compromised device to an ad server and launching ad requests, despite there being no functionality within the app to display ads. Furthermore, it was found that there was a single developer account associated with the malware.

 “The malicious code is obfuscated and key strings are encrypted, thwarting base-level forms of detection,” said Shaun Aimoto, principal SQA engineer at Symantec. “Additionally, the developer signs each app with a different developer key, which helps to avoid static analysis-based heuristics as well.”

Join us at the 2017 Effective Mobile Marketing Awards Ceremony, taking place in London on Thursday 16 November, to mix with the industrys best and brightest, and raise a glass to the years best campaigns and solutions. To find out more, and to book your place, click here.