Date: 2017-10-19

SECURITY FIRM SYMANTEC is wagging a very savage insecurity finger at Google Play because it has found something in there that really should not have been there in the first place.

The firm says that some Android malware, called Android.Sockbot, is well out of hand and is feeding a huge botnet that could include over 2.6 million devices. Six apps are supposed to be laden with the bad seed, and their install bases vary.

"We have encountered a new and highly prevalent type of Android malware (detected as Android.Sockbot) posing as apps on Google Play and later adding compromised devices into a botnet," explains the firm on its blog.

"So far we have identified at least eight such apps, with an install base ranging from 600,000 to 2.6 million devices. This malware appears primarily targeting users in the United States, but also has a presence in Russia, Ukraine, Brazil, and Germany."

The applications ape some legitimate offers for skins on Minecraft, but it is your CPU that will be skinned here.

"The legitimate purpose of the apps is to modify the look of the characters in Minecraft: Pocket Edition (PE). In the background, sophisticated and well-disguised attacking functionality is enabled. We set up network analysis of this malware in action and observed activity apparently aimed at generating illegitimate ad revenue," Symantec barked.



"The app connects to a command and control (C&C) server on port 9001 to receive commands. The C&C server requests that the app open a socket using SOCKS and wait for a connection from a specified IP address on a specified port.

"A connection arrives from the specified IP address on the specified port, and a command to connect to a target server is issued. The app connects to the requested target server and receives a list of ads and associated metadata (ad type, screen size name). Using this same SOCKS proxy mechanism, the app is commanded to connect to an ad server and launch ad requests."
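The sequence Symantec describes can be hunted for in network flow records. The following is an added example, not code from the article or from Symantec: it flags a device only when an outbound connection to port 9001 is followed by an inbound connection and then by further outbound connections, since the port alone is a weak signal. The record layout, the addresses and the 120-second window are constructed assumptions; only port 9001 comes from the quote.

```python
from collections import defaultdict

C2_PORT = 9001   # C&C port named in the Symantec quote
WINDOW = 120     # seconds; assumed correlation window, tune for your network

# Constructed flow records: (epoch_seconds, device, direction, peer_ip, peer_port)
FLOWS = [
    (1000, "10.0.0.5", "out", "203.0.113.10", 9001),   # stage 1: C&C check-in
    (1012, "10.0.0.5", "in",  "203.0.113.77", 40112),  # stage 2: controller connects in
    (1015, "10.0.0.5", "out", "198.51.100.20", 80),    # stage 3: relayed requests
    (1020, "10.0.0.5", "out", "198.51.100.21", 80),
    (1000, "10.0.0.6", "out", "203.0.113.50", 9001),   # port match only, no inbound
    (1030, "10.0.0.6", "out", "198.51.100.30", 443),
    (2000, "10.0.0.7", "in",  "203.0.113.77", 40500),  # inbound without a C&C check-in
    (2005, "10.0.0.7", "out", "198.51.100.20", 80),
]

def find_proxy_pattern(flows, c2_port=C2_PORT, window=WINDOW):
    """Return {device: evidence} for devices that show all three stages in order."""
    by_device = defaultdict(list)
    for rec in sorted(flows):
        by_device[rec[1]].append(rec)

    hits = {}
    for device, recs in by_device.items():
        c2 = inbound = None
        for ts, _, direction, ip, port in recs:
            if c2 and ts - c2[0] > window:
                c2 = inbound = None              # chain went stale, start over
            if direction == "out" and port == c2_port:
                if c2 is None:
                    c2 = (ts, ip)                # stage 1 seen
            elif c2 and direction == "in" and inbound is None:
                inbound = ip                     # stage 2 seen
            elif c2 and inbound and direction == "out":
                hit = hits.setdefault(
                    device, {"c2": c2[1], "controller": inbound, "targets": []})
                hit["targets"].append(ip)        # stage 3: likely proxied traffic
    return hits

if __name__ == "__main__":
    for device, evidence in find_proxy_pattern(FLOWS).items():
        print(device, evidence)
```
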

The post adds that none of the six apps, only one of which was named, are still on the Play Store. The named game is Assassins Skins for Minecraft. µ