A warning for anyone enjoying the internationally popular Minecraft game that security researchers have found 87 malicious apps disguised as mods for Minecraft, with nearly a million installs on the official app store.
The malicious activity can be divided into two main categories: ad-displaying downloaders detected by ESET as Android/TrojanDownloader.Agent.JL and fake apps redirecting users to scam websites, detected as Android/FakeApp.FG.
This is the second time ESET has reported malicious apps abusing the popularity of the Minecraft brand after a previous scareware incident also involving fake Minecraft apps.
How the apps operate:
Ad-displaying downloader – Android/TrojanDownloader.Agent.JL
When launched, the apps immediately request device administrator rights. Once device administrator is activated, a screen with an ‘INSTALL MOD’ button is displayed. A push notification informs the user that a ‘special Block Launcher’ is needed in order to proceed with the installation.
Fake apps redirecting users to scam websites – Android/FakeApp.FG
Once launched, the apps display a screen with a download button. Clicking the button does not download any mods; instead, it redirects the user to a website opened in a browser and displays all kinds of obtrusive content.
Nick FitzGerald, Senior Research Fellow at ESET told Women Love Tech there are important steps to take to remove threats manually:
- Only for the ad-displaying downloader, first deactivate device administrator rights for both the app and the downloaded module found under Settings -> Security -> Device administrators, as shown in Fig. 8.
- For all these apps, uninstall by going to Settings -> Application Manager.
“I always recommend opting for official app stores when downloading all kind of apps, as a way of avoiding malware. However, that alone would not have helped in these cases. So, even if on an official app store, it is best to be extra-cautious when downloading apps offering additional and attractive functions to existing applications, especially if they are not released by the official app developer,” FitzGerald said.
“Checking the popularity and reviews of apps before installing is also generally a good indicator of the content of these apps and of their untrustworthiness. Low ratings and angry reviews are a great indicator of the risk users could run. Also, do not be a ‘canary in the coal mine’ – if an app has very few reviews, wait for a few days and check back!”
Alternatively, use a reputable mobile security solution to detect and remove the threats and ensure your mobile is malware-free.
If you are a regular player of Minecraft and you like to download these apps, you may have come across one of these malicious fake apps. If you are unsure, the signs are easy to recognise: for one, the apps don’t work and you may have seen a random scam message upon clicking the fake download button.