Minecraft, first released in 2009, is an open-ended video game that allows users to craft their own 3D world.
It is currently the bestselling game of all time with more than 200 million copies sold as of May 2020.
Given its immense popularity, it’s not surprising bad actors online would attempt to exploit the game to further their own objectives.
Kaspersky researchers recently discovered more than 20 apps available for download on the Google Play store that claimed to be modpacks (collections of user-created packages that add additional gameplay elements, such as additional textures for crafting buildings) for the game. However, in actuality, they were distributing adware: software that bombards users with unwanted ads, disrupting their normal use of devices.
Upon downloading the modpack, users would be able to open the app once – enough to notice that it doesn’t actually download any mods.
Upon closing the app, its icon disappears on the phone, leading the user to forget it was there in the first place. However, in actuality, it has not disappeared but is hard at work in the background.
The app then begins to display highly intrusive ads. The fake modpacks analysed opened a browser window every two minutes and had the ability to open Google Play and Facebook and even play YouTube videos – interfering with users’ use of their smartphone.
Fortunately, the malicious modpack doesn’t try to restore itself once it’s deleted, but it can be hard to locate. Since the icon is not present on the home screen, users have to first remember that they downloaded the app and then locate it in their device settings to delete it.
The least “popular” modpack had been downloaded 500 times, while the most popular had more than 1 million installations.
Google has been notified and has removed all the malicious applications.
“These types of malicious apps are particularly troublesome because they’re targeting children and teens – many of whom are likely unaware of how to spot potentially malicious apps or how to remove them. In addition, because the apps can open the smartphone’s browser, Facebook or YouTube, users might assume the problem rests with these applications, rather than a modpack they might not remember they downloaded. Parents should teach their kids to always be careful about which apps they download and make sure their children’s devices have a security solution installed,” comments Igor Golovin, security expert at Kaspersky.
To keep yourself and your kids safe from malicious apps, Kaspersky experts recommend:
- Always check application permissions to see what your installed apps are allowed to do
- Teach your kids how to spot potentially risky applications, such as poorly written descriptions and reviews and ratings that vary wildly
- When looking for new apps, take the developers of those apps into account. Software from reputable developers is far less likely to contain infections.
- Restrict children’s ability to install apps and games unsupervised. You can set the restrictions for your child’s smartphone and computer activity with a parental control application such as Kaspersky Safe Kids.