Enlarge (credit: portal gda)
Google has booted eight Android apps from its Play marketplace, even though the apps have been downloaded as many as 2.6 million times.
The industry giant took action after researchers found that the apps add devices to a botnet and can perform denial-of-service attacks or other malicious actions.
The stated purpose of the apps is to provide a skin that can modify the look of characters in the popular Minecraft: Pocket Edition game. Under the hood, the apps contain highly camouflaged malware known as Android.Sockbot, which connects infected devices to developer-controlled servers.
This is according to a blog post published Wednesday by researchers from Symantec.
The malware mostly targets users in the US, but it also has a presence in Russia, Ukraine, Brazil, and Germany.
When the researchers ran an infected app in their laboratory, they found it establishing a persistent connection based on the Socket Secure (SOCKS) protocol to a server that delivers ads.
The SOCKS proxy mechanism then directs the infected device to an ad server and causes it to request certain ads be displayed.
Read 3 remaining paragraphs