terça-feira, 24 de outubro de 2017

Android Apps Infected with Sockbot Malware Turn Devices into Botnet


Android Apps Infected with Sockbot Malware Turn Devices into Botnet

Cybercriminals apparently are well aware of the fact that Minecraft is a truly profitable game perhaps that’s why they are eager on identifying new ways of exploiting it. Reportedly, there are a number of Minecraft oriented Android apps available on Google Play Store that are infecting devices and turning them into botnets.

According to research conducted by Symantec’ cybersecurity researchers, eight apps on Google Play Store are infected with an embedded malicious Trojan called Sockbot. The installation scope of this particular malware campaign is quite wide-ranged with approx. 600,000 to 2.6 million devices targeted so far. The apps initially posed as add-ons for Minecraft: Pocket Edition game to get posted at Google Play Android app store.

However, these are not official Minecraft game apps but only providing skins for changing the appearance of characters in the game. The apps have been designed to generate ad revenue through illegal ways. One of these eight apps was found to be communicating with a command and control server (C&C) for instructions to open a socket using SOCKS before creating a link with the targeted server. The C&C server provided a list of metadata and ads to promote ad requests. But in reality, the app is not meant to display ads but to compromise mobile devices for nefarious purposes.

After being installed on a device, the app asks for a range of permissions including displaying of alerts, accessing GPS data, open network connections, access Wi-Fi service and acquire read and write privilege on external storage device

Nenhum comentário:

Postar um comentário