Symantec Finds More Botnet-Building Malware In Google Play

Joanna Estrada
October 19, 2017

After discovering the malicious apps, Symantec informed Google, which removed them from the Play Store, so mobile Minecraft fans can rest easy for the time being. The fact that the malicious apps have been installed on hundreds of thousands and (some of them) millions of devices is a testament to the author's skill and savvy.

On the surface, those apps would provide an actual in-game use (the provided example is an assassin character skin). Symantec says that it set up network analysis of the malware and found that it was aimed at generating illegal ad revenue. Numerous scammers appeared to be taking advantage of lax vetting procedures for newly added apps; one titled "Mobile protection: Clean & Security VPN" rose to the top 10 grossing productivity apps in the Apple store before it was revealed to be charging users some $99.99 a week.

"Android.Sockbot is a Trojan horse for Android devices that creates a SOCKS proxy on the compromised device," Symantec said on its website. The malware installed and started a SOCKS proxy on all infected devices, and awaited commands from a remote botnet command and control (C&C) server. The large install base could also be leveraged to mount DDoS attacks.

At this point it's become quite clear that Google isn't really the best at keeping malicious apps out of the Play Store, although it's doing a spectacularly flashy job of trying to convince us otherwise.

Symantec wrote that the developer account behind all eight apps, FunBaster, had apparently encrypted parts of the code to thwart "base-level forms of detection".

First off, we need to mention that there is a difference between Google Play Services APK and Google Play Services for Instant Apps APK.

The malware appeared to be mainly aimed at US users but has also been seen in Russia, Ukraine, Brazil and Germany.

Android Police initially spotted the changes, and although the core functionality of Google Play Music on Android TV remains mostly unchanged, the updated interface looks much more modern and a lot cleaner.
