Minecraft, with its blocky Scandinavian charm, is not a game you’d expect to have the potential to hijack your mobile with malware and turn it into part of a botnet.
The game Microsoft acquired for £1.5bn is fairly secure, but despite that, cyber security firm Symantec has found a clutch of Minecraft-based add-ons in the Google Play Store that are harbouring malicious code for Trojan malware called Sockbot.
The Trojan links infected devices to a proxy server to surreptitiously generate advertising revenue and enslave the device as part of a botnet.
Symantec noted that the malicious add-on apps, which allow users to change the appearance of their in-game characters for Minecraft: Pocket Edition, appeared to be originally designed for generating illegitimate ad revenue, but now have more scope to power cyber attacks.
“This highly flexible proxy topology could easily be extended to take advantage of a number of network-based vulnerabilities, and could potentially span security boundaries,” Symantec’s Shaun Aimoto said. “In addition to enabling arbitrary network attacks, the large footprint of this infection could also be leveraged to mount a distributed denial of service (DDoS) attack.”
Aimoto noted that, to date, Symantec has found eight Minecraft-based apps infected with the Trojan. They have a combined install base ranging from 600,000 to 2.8 million Android devices, and appear to be targeting gadgets mostly in the US but also in Russia, Ukraine, Germany, and Brazil.
After discovering the malicious apps, Symantec informed Google, which stripped them from the Play Store, so mobile Minecraft fans can rest easily for the time being.
However, the cyber threat looks to have been a fairly advanced one, having managed to sneak past Google’s vetting and security processes for the Play Store by posing as legitimate add-on apps. And once the malware was on a device, it used encryption to obscure its code and avoid basic levels of detection.
With this in mind, Symantec advises the evergreen practice of keeping your mobile software up-to-date, avoiding apps from unknown sources, paying close attention to the permissions an app wants, and, of course, using mobile security services.