14 DAY TRIAL // Researchers over at ESET have discovered 87 malicious apps disguised as mods for Minecraft on the official Google Play app store. Nearly 1 million users had installed them before the problem was reported to Google.
According to ESET's report, these 87 apps were pestering Android gamers with aggressive ads and scam activity. Researchers have divided the large number of apps into two categories - ad-displaying downloaders and fake apps redirecting users to scam websites.
For the first category, ESET found 14 fake apps impersonating Minecraft mods with up to 80,000 installs. They all have low ratings due to the aggressive ads they deliver to users, so, normally, they should be easy to avoid by users.
The other category trying to scam users contains 73 apps. In total, they had about 910,000 installs since being uploaded to Google Play somewhere between January and March 2017, depending on the app.
Bury you in ads and spam
What did these apps do? Well, when you launched one, they displayed a screen with a download button. Tapping that button doesn't download any mods, as promised, but rather redirects the user to a website that opens via the user's preferred browser and displays “all kinds of obtrusive content.” The list varies from ads, surveys, free coupon offers, jackpot wins, porn, fake updates, and fake virus warnings.
“To prevent getting tricked by fake apps and malware, always opt for official app markets,” Lukáš Štefanko, Malware researcher at ESET, reminds users. “Be extra cautious when downloading third-party apps offering additional functions to existing applications. It also helps to check the popularity of the app by numbers of installs, ratings and, most importantly, content of reviews - in the case of these apps, low ratings and angry reviews should have been a good enough indicator of their untrustworthiness.”
If you've fallen victim to one of these apps and want to remove them, go to Settings -> Security -> Device administrators. Then, you can uninstall the apps by going to Settings -> Application Manager.
Update: “We reported the apps in two batches. The first batch has already been pulled from the market and we have received confirmation that the Android Security Team is currently examining the second batch,” ESET told Softpedia over email. In the meantime, you might want to avoid installing such apps.
