Millions of users installed malicious Minecraft apps from Google Play

“Since August 2014, Minecraft lovers who like to play the popular game on their Android phones have been targeted with apps that are purportedly cheats for the game, but are ultimately aimed at tricking them into believing their device has been infected.

According to ESET researcher Lukas Stefanko, over 30 such apps have “sprouted” on Google Play since that first one, and have been installed by over 600,000 users.


The apps are fake – they don’t do what they promise to do. Instead, they show banners claiming that the device has been infected with a “dangerous virus,” and instruct users on how to remove it.

While the victims might believe that they are activating an antivirus app to do it (one of the fake apps misuses the G Data brand), they are actually consenting to the activation of a premium-rate SMS subscription that costs 4.80 euros per week.

“All of the identified scareware apps behaved in a similar way, the only differences being in the names and icons of the applications. They were uploaded to the Play store by different developer accounts, but we assume that these were all created by one person,” Stefanko noted.

The chance of unknowingly downloading malicious apps from Google Play is much lower than that of downloading them from third-party online app stores, but it still exists, despite the introduction of Google Bouncer and the manual reviewing of submitted apps by a team of experts.

Despite poor reviews and negative comments, a considerable number of users downloaded these fake apps. “According to public data from the Google Play store, several of them were installed between 100.000 and 500.000 times and the total number of installations of all 33 scareware applications lies between 660.000 and 2.800.000,” Stefanko pointed out.

Google has been notified of this, and has since removed the apps from the store.”