Symantec Warns of Google Play Malware Aimed at Minecraft PE

Antivirus firm Symantec has issued a warning about an app that is available on Google Play that will attach your device to a botnet that could perform DDoS attacks. The Android malware is detected as Android.Sockbot and poses as legitimate apps on Google Play. Symantec says that it has identified as many as eight of these apps.

The install base for all eight apps is large with 600,000 to 2.6 million devices infected. The main target area for the malware is the US, but the malware is also seen in Russia, Ukraine, Brazil, and Germany. The apps promise to change how characters look in Minecraft: Pocket Edition.

The malicious goal of the app is apparently to generate ad revenue illegitimately. The app goes through a connection process with a command and control server once installed and once that process is complete, it connects to an ad server and launches ad requests. The app is sneaky about this and has no functionality to display ads.

Symantec notes that the topology of the exploit could be changed easily for other network-based vulnerabilities and could be used to generate DDoS attacks. Symantec says that it notified Google of these apps and they were removed from the store, but there are devices out there left infected.