Rebelote ... an Android botnet deceived Google Play


Present in Android applications infected on the Google Play Store, a malware has added compromised devices to a botnet. This is not a first in the genre.


 Symantec reports that the Google Play Store hosted an Android malware called Sockbot. At issue, at least eight infected applications that generated a total of 600,000 to 2.6 million installations.

Deployed by a single developer named FunBaster, applications were removed by Google earlier this month. It's almost a habit, the apps featured skins for the popular Minecraft (Pocket Edition) game.

An application infected by Sockbot was trying to establish a connection with a command and control server, and for opening a socket using the SOCKS protocol. For the most part, Symantec evokes a botnet for advertising and DDoS attacks.


An application infected by Sockbot (credit: Symantec)
 In addition to methods of obfuscating the malicious code, each infected application was signed with a different key from the developer. For Symantec, this helps to get through the mesh of some analyzes.

It is in any case very unpleasant to hear that the Google Play Store has yet been unable to detect such infected applications. The malware has mainly targeted users in the United States, with also a presence in Russia, Ukraine, Brazil and Germany.


 Related:Android: a ransomware that changes your PIN
 
At the end of last August, the Android bot WireX was dismantled and the Google Play Store was also made with many infected applications. They had been removed remotely on affected devices, and included in Google Play Protect (security feature).


💌     Follow by Email:Digital Channel

🌍🔍  Search Google :digitalchanneltv.tk


 Click Index You Might Be Interested
  



 
suivre Dhaouadi Aymensur Google+

Enregistrer un commentaire

Plus récente Plus ancienne
Update cookies preferences