Fake Minecraft Scam Apps Downloaded Up To 2.8m Times

Hundreds of thousands of Android smartphone and tablet users are believed to have downloaded fake ‘scareware’ applications claiming to be cheats for the popular video game Minecraft, some of which may have been tricked into subscribing to a premium rate SMS service.

Researchers at ESET have uncovered 33 such applications on the Google Play store since August 2014, estimating the combined number of installations is between 600,000 and 2.8 million.

Scareware

Each had had a different name and icon to make them appear as genuine apps, but each exhibited the same kind of behaviour. Once opened, a notification claiming users had a “dangerous” virus on their system was displayed on the screen, the language of which was determined by the device’s location.

If a user acted on this notification, they were directed to websites with more ‘scareware’ messages including one which posed as a legitimate antivirus vendor, offering to remove the alleged malware.

If clicked, the apps created a pre-written SMS message in the device’s default messaging application, posing as an “activation” of the antivirus product – it needs the user to send this manually as the malicious app does not have permission to do so. If the user falls for it, then they are subscribed to the SMS service, forking out €4.80 each week.

The Google Play store has long had a problem with malicious applications, although recent efforts such as the ‘Bouncer’ bot has reduced malware on the marketplace significantly. In order to boost user confidence, Google has since announced all app submissions will be reviewed by a human.

In February, Google removed three apps after they were found to be infected with adware, impacting as many as ten million devices.

How well do you know network security? Try our quiz and find out!