Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

10/18/2017
06:00 PM
50%
50%

Malicious Minecraft Apps on Google Android Could Turn Devices into Bots

New 'Sockbot' malware has 'highly flexible proxy topology' that might be leveraged for a variety of nefarious purposes.

Eight "skin apps" for changing the appearance of video-game characters in the Minecraft Pocket Edition for Android are wrapped in new malware that Symantec researchers have dubbed "Sockbot." Although the malware is currently being used to drive app users to ads, Sockbot's "highly flexible proxy topology" could also turn infected devices into bots, researchers say, and use those devices to launch distributed denial-of-service attacks and exploit a variety of network-based vulnerabilities.

Sockbot is thus named because its command-and-control server requests that the app open a socket using SOCKS and wait for a connection from a specified IP address on a specified port. As researchers explain: "A connection arrives from the specified IP address on the specified port, and a command to connect to a target server is issued. The app connects to the requested target server and receives a list of ads and associated metadata (ad type, screen size name). Using this same SOCKS proxy mechanism, the app is commanded to connect to an ad server and launch ad requests."

The apps, developed by "FunBaster," are all available on Google Play, Android's official app store. Symantec estimates that between 600,000 and 2.6 million devices have been exposed.

Read more in Symantec's blog today

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Mr Phen375
50%
50%
Mr Phen375,
User Rank: Apprentice
10/28/2017 | 2:02:02 AM
The Remedy
OMG! What should we do with it now?
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
10/20/2017 | 6:55:33 AM
Gaming Community
This post wont pile on to the anarchy that is the Google Play store but I am surprised that the gaming community isn't targeted more heavily by malware. Gamers are always looking to download new things to make the game more interesting so it seems like this vector should be a watering hole for malware.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/30/2020
6 Ways Passwords Fail Basic Security Tests
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/28/2020
'Act of War' Clause Could Nix Cyber Insurance Payouts
Robert Lemos, Contributing Writer,  10/29/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How to Measure and Reduce Cybersecurity Risk in Your Organization
In this Tech Digest, we examine the difficult practice of measuring cyber-risk that has long been an elusive target for enterprises. Download it today!
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7759
PUBLISHED: 2020-10-30
The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request: http://v...
CVE-2020-7760
PUBLISHED: 2020-10-30
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vu...
CVE-2020-27014
PUBLISHED: 2020-10-30
Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash. An attacker must first obtain the ability to execute high-privileged code on the targ...
CVE-2020-27015
PUBLISHED: 2020-10-30
Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privi...
CVE-2020-27885
PUBLISHED: 2020-10-29
Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s pass...