Minecraft Modpacks Carrying Malware Returned to the Play Store Under New Names

  • The authors of adware-ridden Minecraft modpack apps have found a way into the Play Store again.
  • The apps now use an extra module that adds more functions like opening app pages or YouTube videos.
  • Keeping malware outside the Play Store is practically impossible, so users are advised to pick their apps carefully.

Back in November 2020, Kaspersky discovered several fake Minecraft “modpack” apps on the Play Store, which had the sole purpose of infecting unsuspecting users with adware. After the apps were reported to Google and quickly removed, their authors had to return to the drawing board, and according to Kaspersky’s latest report, they did. The malware-ridden apps have returned on the Google Play Store, albeit under new names and themes, and also with some additional hiding tricks under their sleeve.

More specifically, Kaspersky decided to look at the currently available Minecraft modpack apps again and was not surprised to find that many of them were again adware. The addition this time comes in the form of an extra module fetched by the apps after installation, enabling them to carry out more functions. These include hiding their icons, run the browser, play YouTube videos, open Google Play app pages, and more.

Of course, the apps download this module after their installation to evade review-stage rejections and also to secure the granting of risky permissions from the user. As such, this is yet another reminder to pay attention to what is requested from you on the permissions prompt and not just approve anything that is thrown at you.

Source: Kaspersky

In addition to the Minecraft mods, which appears to be a pretty risky category, Kaspersky mentions an app named “File Recovery – Recover Deleted Files” v1.1.0, which carries the same adware. The app has been available on the Play Store until late February 2021, so there’s a good chance that a significant number of Android devices still have it. After its removal at that point, the developers uploaded a clean version, number 1.1.1, which isn’t dangerous to use.

More recent examples come in the form of fake Madgicx and fake TikTok ad-management apps, which are basically just phishing Facebook accounts and data. As Kaspersky points out, even for a company with virtually endless resources like Google, it is practically impossible to keep up with the massive number of malicious uploads that take place on the Play Store each day.

As such, users are advised to read reviews, carefully evaluate the permission requests, avoid downloading and installing APK files from obscure sources, and finally, to use a mobile AV tool from a trustworthy vendor.

REVIEW OVERVIEW

Latest

NBCUniversal’s Streaming Platform ‘Peacock’ Is Landing on Amazon’s Fire TV Today

Users of Fire TV devices will finally be able to enjoy ‘Peacock’ content on their Amazon hardware.This has been requested warmly by...

Dell Fixes Multiple BIOS Vulnerabilities Affecting Millions of Its Computers

Tens of millions of Dell computers are vulnerable to arbitrary remote code execution flaws.The problem lies in BIOS components that come as...

Former Executives of French Spyware Firms ‘Nexa’ and ‘Amesys’ Indicted for Aiding Torture

Four former executives of two French spyware firms have been indicted in Paris for aiding torture in Africa.These people were determined to...