Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Threat Management, Threat Management, Malware, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Nearly a million Minecraft players feel like blockheads after installing fake mod apps

A batch of malicious apps falsely posing as mod programs for the popular world-building game Minecraft were downloaded by users roughly 990,000 times on Google Play before they were reported last month, according to researchers from ESET.

Of these 87 phony apps, which supposedly allowed players to modify the mobile game in various ways, 73 of them redirected users to scam websites and 14 were in reality an aggressive ad-displaying downloader identified as Android/TrojanDownloader.Agent.JL, ESET reported in a Thursday blog post.

The redirection apps, detected by ESET as Android/FakeApp.FG, were added to Google Play between January and March of this year and were installed up to 910,000 times, the report continues. When installed, these apps display a screen with a download button, which when clicked opens a browser and takes the user to a malicious websites whose content at times included ads, surveys, coupon offers, prizes, porn, and fake updates and virus warnings.

The 14 fake mod programs detected as Android/TrojanDownloader.Agent.JL were installed around 80,000 times. In order to display out-of-app advertisements, the downloader trojan leverages an additional malicious component disguised as a downloadable module that is supposedly needed to install the mods. Called "Block Launcher Pro," this module requires several intrusive permissions from the user, including device administrator rights, and has no real functionality other than to aggressively display ads.

Because Android/TrojanDownloader.Agent.JL is capable of downloading additional apps, it could potentially introduce even more harmful malware to infected users in the future, ESET has warned.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.