Malware in Minecraft mods

The first version of Minecraft was released way back in 2009, but the game remains incredibly popular to this day. That should come as no surprise; not only is it enormous fun, but it’s a platform for kids and adults alike to create their own worlds. Some even use it for urban planning — and some teachers use it in the classroom.

Unfortunately, as with any successful project, cybercriminals are eager for a piece of the action. Since July of this year, we have detected more than 20 apps on Google Play claiming to be modpacks for Minecraft, when in fact their primary purpose is to display ads on smartphones and tablets in an extremely intrusive manner. We explain what these apps are and how to protect Android devices against such threats.

Fake Minecraft mods on Google Play

At the time of this writing, most of the unscrupulous apps we found on Google Play had already been removed. The five that remained were:

Zone Modding Minecraft, Textures for Minecraft ACPE, Seeded for Minecraft ACPE, Mods for Minecraft ACPE, Darcy Minecraft Mod.

The humblest of them had more than 500 installations, and the most popular more than 1 million. Although the apps have different publishers, two of the fake modpacks carried almost the exact same description, down to the typos.

Apps with different publishers, same description

The app reviews are contradictory. Average ratings hover around the 3-star mark, but overall, scores are highly polarized, mostly 5s and 1s. That kind of spread suggests that bots are leaving rave reviews but real users are very unhappy. Unfortunately, in this case, the cybercriminals are targeting kids and teenagers, who may not pay attention to ratings and reviews before installing an app.

The apps receive either five stars or one. Suspicious!

The apps receive either five stars or one. Suspicious!

We informed Google about the malicious apps mentioned above, and the apps were deleted from Google Play by the time this post was published. Nevertheless, it’s worth mentioning that:

After apps are deleted from Google Play, they remain on the smartphones of any users who already installed them; The malware creators can try to get their apps back in the store by modifying them and publishing them from a different developer’s account. Fake mods on the device

Meanwhile, users rightly curse the apps for not doing what they promised. Having landed on a smartphone, the “modpack” lets itself be opened once, but it doesn’t load any mods (in fact, the app we studied closely did nothing useful at all). The frustrated user closes the app, which promptly vanishes. More precisely, its icon disappears from the smartphone’s menu.

Users complain that the app doesn't work and seemingly deletes itself

Users complain that the app doesn’t work and seemingly deletes itself

Because the “modpack” seemed glitchy from the start, most users, especially kids and teens, won’t waste time looking for it. They may even forget it and not bother trying to remove it. Unbeknownst to the user, however, the app remains on the smartphone — and not merely there, but hard at work.

Concealed from the user, the fake modpack starts displaying ads. The sample we

Continue reading

This post was originally published on this site