Since July, researchers have discovered more than 20 Google Play Minecraft apps disguised as “modpacks” for the Android version of Minecraft that actually deliver abusive ads making normal phone use impossible. Experts believe the apps have been downloaded on more than a million Android devices. The game was originally developed on Java, making it easy for third party developers to create applications to customize the gaming experience. Once the malware app is installed it can only be opened once. When users open it, the app is unresponsive and glitchy, prompting most users to close it. Once closed the app disappears from view and begins delivering ads in the background. The nuisance app will be completely removed if deleted from the device. Unfortunately, Minecraft users primarily being kids and teens, often forget about the missing app and do not uninstall it.
Analyst Notes
Determining a malicious app from a normal one can be difficult. Be sure to pay attention to the ratings and watch for a large number of 1 star ratings along with many 5 star ratings. Threat actors will likely use a bot to provide great reviews on a malicious app so often times they have an average of 3-star ratings. That’s because real users are giving horrible reviews while bots provide five-star ratings. Minecraft was also targeted earlier this month when threat actors were offering premium skins and mods for free with a trial period. The trial period quickly would end and start charging the account without the user realizing it.
Sources: https://threatpost.com/minecraft-mods-attack-android-devices/161567/?web_view=true
