Over 80 fake Minecraft: Pocket Edition mods have been discovered on Google's Play Store. The malicious apps, which boast a combined total of around 990,000 installs, have been designed to barrage unsuspecting players of the Android mobile game with aggressive advertisement pop-ups and links to scam websites.
Unlike PC and console versions of the hugely popular sandbox building game, adding custom content to Minecraft: Pocket Edition on Android relies on mod launchers – such as BlockLauncher or PocketTool – and imported .js files, with individual files adding new block types, monsters, weapons, mining tools, cheats, and other features not found in Mojang's base game.
The deceptive apps uncovered by ESET Security present mod files as if they were a normal Android application. While there are some apps of this kind that do merely collect Minecraft mod files, the apps in question here either asked users to hand over device administration rights, accept Android permissions or download other fake app modules in return for a batch of nasty adware – or simply redirect to unscrupulous scam sites.
The Trojan-type app spanned 14 of the total discovered and boasted up to 80,000 installs. Using an ad-displaying downloader (Android/TrojanDownloader.Agent.JL), victims of the dubious apps found that their devices would be filled with full-page, out-of-app advertisements for other Google Play Store games. ESET notes that this particular type of fake app could be used for "more dangerous threats distributed under [a] similar disguise" as the downloader opens the door to other forms of malware.
The remaining 910,000 installs were all found to redirect unaware players to scam websites. Once this type of app is launched, a download button within takes the user to various strains of scam sites, including "surveys, free coupon offers, jackpot wins, porn, fake updates and fake virus warnings".
While the apps have since been reported, user comments screen-grabbed by the security firm showed that many Minecraft: Pocket Edition players had fell victim. Those impacted by the fraudulent apps are encouraged to deactivate any administration rights and uninstall them immediately.
The Microsoft-owned Minecraft franchise has evolved into a global phenomenon since its 2011 debut. Minecraft's official Twitter account announced in February that the Lego-like world-building game, which has proved particularly popular with children, had sold a whopping 122 million copies across PC, console and mobile platforms, making it the second-highest selling video game of all time – behind Tetris.