'Minecraft' Botnet: Android Apps Hijacked By Malware
A number of companion apps of the popular game "Minecraft" available through Google Play have been found to be infected with an Android malware.
According to the Cybersecurity firm Symantec, they have discovered a total of eight "trojan horse-like" "Minecraft" apps in the Google app store that are being used as part of a massive botnet. These apps are reportedly infected with the Sockbot malware that has the capacity to compromise a device. If before, the developer used the malware to generate ad revenues, it has allegedly been modified to cause more damage. This time around, the attackers may take over the phone of the users who unknowingly downloaded the app.
Symantec said that the malware developer known as FunBaster has been targeting apps with huge followers like "Minecraft," which has more 122 million copies sold with about 40 million monthly active users. All of the eight apps that have been discovered to contain Sockbot malware are Minecraft-themed, mostly those that are usually used by players to look for help or get new skins for the game. FunBaster was able to reportedly conceal the malicious code by encrypting it to bypass Google's automated scans.
Get Our Latest News for FREE
"[T]he malicious code is obfuscated and key strings are encrypted, thwarting base-level forms of detection. Additionally, the developer signs each app with a different developer key, which helps to avoid static analysis-based heuristics as well. We notified Google Play of the presence of these malicious apps on October 6 and Google has confirmed these have been removed from the store," Symantec said.
In the first quarter of 2017, IB Times reported that a similar attack was launched on an estimated 600,000 Android devices. The malware was hidden in guides for popular mobile games, like Pokémon Go, FIFA, World of Tanks, and a number of LEGO titles. The FalseGuide attackers created a botnet to generate ad revenue from oblivious users.
