A batch of malicious apps falsely posing as mod programs for the popular world-building game Minecraft were downloaded by users roughly 990,000 times on Google Play before they were reported last month, according to researchers from ESET.
Of these 87 phony apps, which supposedly allowed players to modify the mobile game in various ways, 73 of them redirected users to scam websites and 14 were in reality an aggressive ad-displaying downloader identified as Android/TrojanDownloader.Agent.JL, ESET reported in a Thursday blog post.
The redirection apps, detected by ESET as Android/FakeApp.FG, were added to Google Play between January and March of this year and were installed up to 910,000 times, the report continues. When installed, these apps display a screen with a download button, which when clicked opens a browser and takes the user to a malicious websites whose content at times included ads, surveys, coupon offers, prizes, porn, and fake updates and virus warnings.
The 14 fake mod programs detected as Android/TrojanDownloader.Agent.JL were installed around 80,000 times. In order to display out-of-app advertisements, the downloader trojan leverages an additional malicious component disguised as a downloadable module that is supposedly needed to install the mods. Called "Block Launcher Pro," this module requires several intrusive permissions from the user, including device administrator rights, and has no real functionality other than to aggressively display ads.
Because Android/TrojanDownloader.Agent.JL is capable of downloading additional apps, it could potentially introduce even more harmful malware to infected users in the future, ESET has warned.