Infected Minecraft Apps Could Potentially Turn Over 2 Million Android Devices Into a Botnet Army

By on Oct 20, 2017

We all love a good game, especially those that allow us to create and innovate with the touch of our fingertips. That’s why the video game Minecraft, which allows players to build constructions out of textured cubes, has grown in popularity. It’s become so popular, in fact, that there’s even mobile app versions of the game.

And now malicious versions of these apps exist too. Just this week, cybersecurity researchers discovered Minecraft Android apps in the Google Play store that have been infected with Sockbot malware. These eight apps have been designed to enslave the devices that download them into a botnet army, and have impacted almost 2.6 million devices already.

These apps managed to sneak their way onto Google Play through the art of deception. Basically, the infected apps posed as add-on functionality for the popular Minecraft: Pocket Edition (PE) game. They are not official Minecraft apps but instead offer “skins” which can be used to modify the appearance of in-game characters.

Once downloaded, however, the apps’ true intentions come out. At first, it was thought that the apps were originally aimed at generating illegitimate ad revenue. Some apps were found connected to a command-and-control server (C&C) that supplied the apps with a list of ads and metadata to launch ad requests. But instead of generating revenue, Sockbot created a SOCKS proxy, which is basically a gateway between a local network (e.g., all the devices in one building) and a larger-scale network, in order to enslave devices into a botnet army. And so far, its recruited quite a few soldiers, as its been reported that 2.6 million devices have been hit already.

Fortunately, these apps have been flagged to Google, who quickly removed them from their official app store. However, with millions of devices already impacted, it’s important Android users keep these tips in mind:

  • Only download apps from the original developer. As fun as it is to enhance your game, you should only download add-ons and alternative apps that have been created by the original developer. In the case of Sockbot malware, Android users could’ve avoided infection if they only downloaded applications from the makers of Minecraft themselves.
  • Do your homework.Before you download an app, make sure you head to the reviews section of an app store first. Take the time to sift through the reviews, and keep an eye out for ones that mention that the app has had issues with security or might be a bit sketchy. It helps to research the developer too. When in doubt, don’t download any app that is remotely questionable.
  • Use a mobile security solution. As malware campaigns continue to infect mobile applications, make sure your mobile devices are prepared for any threat coming their way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

About the Author

Gary Davis

Gary Davis was previously McAfee's Consumer Security Evangelist providing security education and advice to businesses and consumers. He is a sought-after speaker on trends in digital security, appearing at conferences and events, as well as security and consumer lifestyle broadcast outlets and publications such as ABC, NBC, FOX, the Wall Street Journal, USA Today, Money ...

Read more posts from Gary Davis

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to McAfee Securing Tomorrow Blogs