View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Networks
May 22, 2015

Up to 3m hit by Minecraft scam on Google Play store

Gamers wanted cheats, but got scareware instead.

By Jimmy Nicholls

Almost 3 million people may have installed malware onto their phones by downloading apps from Google Play ostensibly related to the video game Minecraft.

More than 30 such scareware apps had allegedly been smuggled past the app scanner Bouncer, which is used by Google to stop malicious apps being placed onto Play, an app store that anyone can contribute to.

Lukas Stefanko, malware researcher at the security vendor ESET which found the problem, said: "Most of the rogue applications pretended to be cheats for the popular Minecraft game.

"All of the discovered apps were fake, in that they did not contain any of the promised functionality and only displayed banners that tried to trick users into believing that their Android system is infected with a ‘dangerous virus’."

Despite being labelled differently all of the apps behaved in a similar way once they were installed on a victim’s phone, telling users that to remove the virus they needed to activate a premium text subscription costing €4.8 a week.

Together the apps were downloaded between 600,000 to 2.8 million times, according to public data from the Google Play store, with the first phoney app being uploaded in August last year.

Whilst the apps were uploaded using various developer accounts, ESET believes that they were the work of one individual.

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

"The damage that this recent Android malware discovery can inflict is perhaps less acute when compared to the file-encrypting Android Simplocker but the seriousness of this threat lies in the fact that it may have been downloaded by almost three million users from the official Google Play store," Stefanko said, comparing the scheme to a type of mobile ransomware.

He did however add that Google’s plans to have each app reviews by a human would likely bring down the number of malicious apps that were making it onto the store.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU