Sockbot is an Android Malware that when installed starts a SOCKS proxy on all infected devices and awaits commands from a remote botnet command-and-control (C2) server. In October 2017, researchers found eight apps available in the Google Play store infected with Sockbot. Researchers observed the infected devices receiving data about ads and, while the apps did not contain functionality to display these ads, the malware author could use Sockbot to relay malicious traffic or conduct DDoS attacks. It appears that the author was still developing the malware when it was discovered in these apps. Google has since removed the apps.


  • October 2017: Sockbot found in eight apps on the Google Play store. (Bleeping Computer)

Technical Details

  • Symantec provides technical details on Sockbot, available here.