35M Downloads Of Android Minecraft Clones Spreads Adware

By   Olivia William
Writer , Information Security Buzz | Apr 27, 2023 01:09 pm PST

A group of 38 Minecraft-like games on Google Play attacked devices with the Android adware “HiddenAds,” which loaded ads in the background without the user’s knowledge. This made money for the games’ creators.

Minecraft is a successful sandbox game with over 140 million active players monthly. Many game companies have tried to make similar games. About 35 million Android users around the world, mostly from the US, Canada, South Korea, and Brazil got Minecraft-like games that were hiding adware.

Users didn’t notice the bad software activity going on in the background because they could play the games as promised. Also, a lot of ads could cause your device to get too hot, use more network data, or use up more battery power, which could be seen as being caused by the game.

The adware set was found by McAfee’s Mobile Research Team, which is part of the App Defense Alliance, which was made to protect Google Play from all kinds of dangers.

After reporting, all of the apps were reported and then taken off the store. Here are the most popular apps from this group of bad ones:

  • Block Box Master Diamond has been downloaded 10 million times.
  • Five million people have downloaded Craft Sword Mini Fun.
  • Block Box Skyland Sword has been downloaded 5 million times.
  • Craft Monster Crazy Sword has been downloaded 5 million times.
  • Block Pro Forrest Diamond has been downloaded 1 million times.
  • Block game Skyland Forrest has been downloaded 1 million times.
  • Block Rainbow Sword Dragon has been downloaded a million times.
  • Craft Rainbow Mini Builder has been downloaded 1 million times.
  • Block Forest Tree Crazy has been downloaded 1 million times.

McAfee says that the most popular games with malware are:

As soon as the user starts the game, the ads load in the background, but nothing shows up on the game screen. A study of network traffic, however, shows that several suspicious packets are sent and received. These packets are made by ad libraries from Google, AppLovin, Unity, and Supersonic, among others.

In the background, suspicious network packets were sent and received.

McAfee says that suspicious network messages were being traded in the background. McAfee says that the first network packets for a few of the apps have the same format, using “3.txt” as the path and looking like “https://(random).netlify.app/3.txt,” even though the domains are different for each app.

This, along with the fact that the games have similar names, points to a possible link between them, making it likely that the same person made both apps. But McAfee doesn’t say anything directly about any clear links.

Adware apps aren’t usually thought to be very dangerous for users, but they can slow down a mobile device, raise privacy concerns, and even create security holes that could let in even worse infections.

Android users should review McAfee’s report for a list of impacted apps and delete them if they haven’t already.


About 38 Google Play Minecraft knockoff apps infected devices with the Android adware “HiddenAds” to secretly load adverts to make cash. Numerous game publishers have tried to imitate Minecraft, a sandbox game with 140 million monthly active users. 35 million Android users in the US, Canada, South Korea, and Brazil downloaded Minecraft-like games with adware.

As promised, the consumers played the games without noticing the dangerous adware activities. Loading many adverts may cause overheating, higher network traffic, and battery consumption, which may be blamed on the game. The App Defense Alliance’s McAfee Mobile Research Team found the adware set. After reporting and removing all apps from the store, the most downloaded harmful apps are given below:

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x