Minecraft skins on the Play Store discovered as malware

At this point it's become quite clear that Google isn't really the best at keeping malicious apps out of the Play Store, although it's doing a spectacularly flashy job of trying to convince us otherwise. So it's no surprise today has brought us another piece of news about malware infiltrating Google's online storefront. The culprit this time? Minecraft.

Okay, not exactly — the old Microsoft/Google rivalry has yet to devolve into cyber warfare tactics. However, as security researchers working for Symantec recently found out, the game's mobile version has been used as a vector to infect unsuspecting players, with at least eight apps discovered to be masquerading as Minecraft add-ons.

At the surface, those apps would provide an actual in-game use (the provided example, shown to the right, is an assassin character skin). Upon install, however, the apps would connect to a command-and-control server and would start sending ad requests. While no ads were actually displayed, this still resulted in ad revenue for the developer and battery loss for the user.

Furthermore, the apps later added the infected devices to a botnet — in essence, this is a large group of devices which unwittingly perform commands given by the owner of the botnet. The most common use is to DDoS (distributed denial of service) websites, which means to shower them with so many fraudulent requests their servers stop responding to actual users.

Symantec dubbed the malware "Sockbot," and says it has identified eight apps with a total of more than 2 million installs. All of those came from a single developer, called "FunBlaster." Google has already been notified of the problem and has since taken them down.

Granted, none of this is out of the ordinary, but there is one detail that makes this a particularly nasty type of attack: Minecraft's target demographic. While the data is scarce, most sources claim the majority of the game's user base is no older than 15 years. Combine this with the basic functionality of the app being strictly cosmetic (and thus unlikely to excite many adults), and it seems clear that the developer's strategy was to primarily target children.

source: Symantec via PCMag



1. MasterAlchemist

Posts: 56; Member since: Oct 14, 2017

Ah~ the beauty of Android!

8. Sammy_DEVIL737

Posts: 1529; Member since: Nov 28, 2016

Ah~ the comment from mxy alt. account.

2. Wiencon

Posts: 2278; Member since: Aug 06, 2014

Prepare for comments like "It's nothing compared to iOS!" Or, "it's still the most secure OS in the world!" Or maybe just "I love Samsung more than life"

3. nepalisherpa

Posts: 338; Member since: Jul 17, 2015

I was actually prepared for comment like yours!

4. Wiencon

Posts: 2278; Member since: Aug 06, 2014

It's always good to expect the unexpected But I guess my comment was expected

5. gotoAndDie

Posts: 82; Member since: Jun 13, 2015

Well, to be fair, this kind of malware can attack just about any system where the user can run background tasks. Which should've been every OS, since it should be a fundamental freedom for the user to leave something running in the background if they want, but...

6. mikehunta727 unregistered

Google doesn't take the Play Store seriously. They should from now on review every app that is submitted

7. RebelwithoutaClue unregistered

You mean review them manually and not some automated scanner that can be fooled? They do need to seriously increase their efforts to keep malware out of the Play store.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless