ESET researchers have discovered over 80 malicious apps disguised as mods for Minecraft with nearly million installs on the official app store.
It wasn’t so long ago that Minecraft was connected to a scareware campaign, and today, ESET researchers report another misuse of this popular app. As stated in the official analysis available on ESET’s news page Welivesecurity.com; players of this game have been exposed to 87 fake Minecraft mods on Google Play, pestering Android gamers with aggressive ads and scam activity. So far, up to 990,000 users have installed these fake mods.
ESET researchers have divided malicious activity connected to fake mods for Minecraft into two main categories – ad-displaying downloaders, detected by ESET as Android/TrojanDownloader.Agent.JL and fake apps redirecting users to scam websites, detected by ESET as Android/FakeApp.FG
For Android/TrojanDownloader.Agent.JL, ESET reports 14 fake apps impersonating Minecraft mods with up to 80,000 installs. Because these fake mods apps only display aggressive ads, poor reviews are very common.
For the Android/FakeApp.FG, ESET has reported 73 instances using redirects to scam websites that reached up to 910,000 installs since being uploaded to Google Play between January and March 2017. Once launched, the apps display a screen with a download button. Clicking the button does not download any mods; instead, it redirects the user to a website opened in a browser and displays all kinds of obtrusive content.
“To prevent getting tricked by fake apps and malware, always opt for official app markets,” Lukáš Štefanko, Malware researcher at ESET, reminds users. “Be extra cautious when downloading third-party apps offering additional functions to existing applications. It also helps to check the popularity of the app by numbers of installs, ratings and, most importantly, content of reviews – in the case of these apps, low ratings and angry reviews should have been a good enough indicator of their untrustworthiness.“
The full analysis of fake mods for Minecraft on Google Play is now available on WeLiveSecurity.com.