Security Architecture, Application security, Application security, Endpoint/Device Security, Endpoint/Device Security, Threat Management, Malware, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Ramnit botnet spotted in Google Play but poses limited threat

In much the same way a forgotten land mine can cause injury years after it was planted and forgotten, researchers are noticing the Ramnit worm popping up on mobile devices two years after its main users were taken down by law enforcement.

Once one of the more dangerous botnets being used, Ramnit's servers were siezed by Europol with an assist from Symantec in February 2015 effectively limiting the threat. However, that company is now noticing Ramnit appearing in apps on Google Play even though the malware does not run on Android. These first appeared in March 2017 when 100 Ramnit infected apps were found, followed more recently when an additional 92 distinct apps were available. These had garnered more than 250,000 downloads.

Symantec researchers believe the continued presence is due to some Ramnit operators still being on the loose combined with latent infections of the apps.

“What's most likely happening here is that there are a number of Android app developers who are developing and building on infected computers or unknowingly bundling infected files into app bundles that are then submitted to Google Play for inclusion in the store,” Symantec wrote in a blog.

Symantec is not certain why Google's malware detection is not catching these apps during the vetting process, but it does not believe these apps pose any particular danger to consumers as the steps required to stir the malware into action are not simple.

“In the vast majority of use cases, Android owners who use Windows with an infected device are safe. You have to connect your device to a Windows computer, navigate to and open the infected HTML file in a browser in order for the Windows infection to take place,” Symantec said.

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds