Sockbot malware was discovered in applications on Google Play Store

This month, Symantec discovered a new type of malware on Android called Sockbot, a legitimate application on Google Play that allows an attacker to create fake ad traffic.

Symantec researchers claim that at least eight applications contain Sockbot identified and have between 600,000 and 2.6 million downloads and installations. The purpose of these applications is to change the look of the characters in the Minecraft Pocket Edition game. Besides, it also creates illegal advertising revenue.

1. Google's new Play Protect system failed from the first test

Malware Sockbot implements a SOCKS proxy mechanism on infected devices

The name Sockbot comes from the operating mode of this malware. They install and deploy SOCKS proxy mechanisms on devices that infect and wait for commands from a remote C&C server.

Sockbot malware was discovered in applications on Google Play Store Picture 1

Symantec also noted that this Sockbot malware could easily be expanded, leveraging some network vulnerabilities and being able to bypass security boundaries. In other words, attackers can use Sockbot to perform next DDoS attacks.

This is not the first Android botnet discovered this year. At the end of last August, the alliance of security firms together removed the botnet WireX, which includes more than 120,000 Android devices infecting and executing DDoS attacks.

Fortunately, Symantec has informed Google of eight malware-infected applications on October 6 and the company quickly deleted them from the Google Play store. However, this also reminds us to always be cautious when downloading any application on the Google Play Store store.