Google has recently removed 87 fake Minecraft mods from Google Play, after being notified by researchers about their malicious nature.
A partial list of these malicious Android packages can be found here. If you have recently downloaded a Minecraft mod from the online store, and have since been seeing unwanted ads and warnings about your device being infected, chances are you might have downloaded one of these.
Two types of fake Minecraft mods
According to ESET researchers, the fake mods fall into one of two categories: fake apps redirecting users to scam websites, and ad-displaying downloaders.
Of the 87 mods removed from Google Play, 73 were pushing users towards scammy websites.
And, unfortunately, they have been collectively downloaded by nearly one million users. Still, they are easy to remove from devices: users just need to uninstall the offending app in Settings > Application Manager.
The remaining 14 apps leverage an ad-displaying dropper, and were less popular than those in the previous category.
They were downloaded and installed only up to 80,000 times, likely because many users complained in the app reviews about the apps' malicious behavior and about the fact that they did not offer the touted functionality.
“Interestingly, this ad-displaying downloader is an evolved version of an app that was originally uploaded to Google Play in February,” the researchers noted.
“The original version used a similar interface and also demanded device administrator rights. However, it didn’t have any downloading functionality and, unlike the downloader analyzed in this article, the first version actually provided the user with real Minecraft mods.”
If you find that you have been saddled with one of these fake mods, you will first need to deactivate device administrator rights for the app and the downloaded module (Settings > Security > Device administrators); only then can you uninstall them both.
Apparently, the module served only ads, but as it is able to download any sort of malware, you might want to check your device for additional unsanctioned downloads.