Fake Android Minecraft apps scammed million users

Experts at ESET have discovered over 30 scareware uploaded to the Google Play store over nine months masquerading as Minecraft cheats and tip guides.

Do you completely trust mobile applications available on the official app store like Google Play? If your answer is yes, you’re wrong.

ESET security researcher Lukas Stefanko has discovered 30 malicious apps uploaded to the Google Play store over nine months, the bogus apps pretend be Minecraft cheats and tip guides. This kind of attack is very dangerous due to the large audience of the official Google Play, in the specific case Stefanenko confirmed that nearly 2.8 million users have already downloaded malicious Minecraft Android apps. The malicious Minecraft Android apps aren’t trojanized version of a legitimate app, they simply are empty applications that display victims banners to notify them the presence of “high-risk” threat. Users were then directed to remove to remove the threat by activating a premium-rate SMS subscription.

“All of the discovered apps were fake in that they did not contain any of the promised functionality and only displayed banners that tried to trick users into believing that their Android system is infected with a ‘dangerous virus’,” Stefanko says“Users were then directed to remove viruses by activating a premium-rate SMS subscription that would cost them €4.80 per week.

The data related to the download of the malicious Minecraft Android apps are worrying, since the first upload of one of the scareware on the Google Play store in August 2014, several of them were installed between 100.000 – 500.000 times.

“… several of them were installed between 100,000 and 500,000 times and the total number of installations of all 33 scareware applications lies between 660,000 and 2,800,000.” Stefanko added.

The banner is triggered by any user interaction with the fake Minecraft Android app, by simply clicking the Start, Options, and Exit buttons, an alert window popping up, informing victims of the presence of a malware and provide suggestions on how to remove it.

“Clicking on the alert leads to another step of the scam – several websites with more scareware messages. One of these websites tries to appear as if they belonged to the legitimate AV vendor, G-Data.” states  Stefanko.

The last step of the scam sees the scareware preparing an SMS in the system default SMS application. The text of the SMS used by scammers mentions an activation of the antivirus product. The application does not have permissions to send the SMS itself and solely

Be aware because the malicious Minecraft Android apps don’t have permissions to send the SMS so the authors relay in tricking the victims to do it manually with a social engineering technique. The cost for the SMS premium service is 4.80 € per week, not too bad if we consider the number of potential victims.

Unfortunately, it is not simple to avoid similar incidents, Google’s Play Store adopts an anti-malware Bouncer framework to avoid the publication of malicious applications and integrated it with manual review done by human operators. In same cases to avoid this checking mechanism, bad actors upload benign applications and later push malicious updates.

Pierluigi Paganini

(Security Affairs –  Malicious Minecraft Android apps, malware)

Pierluigi Paganini: Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

This website uses cookies.