Sockbot Android Malware Found in Eight Apps on the Google Play Store (600,000 to 2.6M installs)

LASER_oneXM

Google has removed eight apps from the official Play Store that were infected with the Sockbot Android malware.

Discovered by Symantec researchers, these apps posed as player skin apps for the Minecraft Pocket Edition mobile game. The eight apps had a total installation count ranging from 600,000 to 2.6 million.

All were developed by the same developer, going by the name of FunBaster. Google removed the apps at the start of the month, on October 6. Google has the ability to remove infected apps from users' phones, so most apps have been removed from user devices.

Sockbot malware deployed SOCKS proxies on infected devices

The malware's name — Sockbot — comes from the malware's mode of operation. The malware installed and started a SOCKS proxy on all infected devices, and awaited commands from a remote botnet command and control (C&C) server.

Although Symantec researchers found infected devices receiving data about ads, such as ad type, screen size name, and others, the malicious apps where Sockbot was hidden did not contain functionality to display these ads.

In addition, researchers point out that the malware's author could easily change tune at any point in time and use the Sockbot to relay malicious traffic or carry out DDoS attacks instead.
 