We all love a good game, especially those that allow us to create and innovate with the touch of our fingertips. That’s why the video game Minecraft, which allows players to build constructions out of textured cubes, has grown in popularity. It’s become so popular, in fact, that there’s even mobile app versions of the game.
And now malicious versions of these apps exist too. Just this week, cybersecurity researchers discovered Minecraft Android apps in the Google Play store that have been infected with Sockbot malware. These eight apps have been designed to enslave the devices that download them into a botnet army, and have impacted almost 2.6 million devices already.
These apps managed to sneak their way onto Google Play through the art of deception. Basically, the infected apps posed as add-on functionality for the popular Minecraft: Pocket Edition (PE) game. They are not official Minecraft apps but instead offer “skins” which can be used to modify the appearance of in-game characters.
Once downloaded, however, the apps’ true intentions come out. At first, it was thought that the apps were originally aimed at generating illegitimate ad revenue. Some apps were found connected to a command-and-control server (C&C) that supplied the apps with a list of ads and metadata to launch ad requests. But instead of generating revenue, Sockbot created a SOCKS proxy, which is basically a gateway between a local network (e.g., all the devices in one building) and a larger-scale network, in order to enslave devices into a botnet army. And so far, its recruited quite a few soldiers, as its been reported that 2.6 million devices have been hit already.
Fortunately, these apps have been flagged to Google, who quickly removed them from their official app store. However, with millions of devices already impacted, it’s important Android users keep these tips in mind:
- Only download apps from the original developer. As fun as it is to enhance your game, you should only download add-ons and alternative apps that have been created by the original developer. In the case of Sockbot malware, Android users could’ve avoided infection if they only downloaded applications from the makers of Minecraft themselves.
- Do your homework.Before you download an app, make sure you head to the reviews section of an app store first. Take the time to sift through the reviews, and keep an eye out for ones that mention that the app has had issues with security or might be a bit sketchy. It helps to research the developer too. When in doubt, don’t download any app that is remotely questionable.
- Use a mobile security solution. As malware campaigns continue to infect mobile applications, make sure your mobile devices are prepared for any threat coming their way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.