Cybersecurity firm Symantec has discovered eight different Android apps available on the Play Store that have been quietly building a botnet for later use, as well as earning their creators money. And all of them are related to the hit game Minecraft.
The malware in question here is called Android.Sockbot. All eight apps it’s been found in allow mods for characters in Minecraft: Pocket Edition, the smartphone version of the hit PC game. It’s an incredibly popular title, as evidenced by the fact that Symantec believes up to 2.6 million Android device have been infected by Sockbot, ranging from the US and Russia, all the way to Brazil and Germany.
Once installed, the app connects to its control server in the background, and sends ad to you, as well as requesting ads from an official ad server. Not all of these are shown to you, but Symantec believes requesting them is enough to generate illegal funds for the malware’s creator.
At the same time, each device affected by the malware is added to a botnet, which is a hacking term for a bank of compromised devices a hacker can use to initiate a distributed denial of service attack (DDoS). That’s when the perpetrator has multiple systems bombard a website or online service with requests until it crashes. Indeed, the only way you may notice that your smartphone is infected is thanks to reduced battery life and processing speed.
All eight apps were traced back to a developer named FunBaster, which used a multitude of ways to avoid having its malware detected on the Play Store.
Google was warned of the malware on October 6 by Symantec, and the apps have since been removed. However, that doesn’t stop the hackers from using the nearly 3 million Android devices already infected.