Millions of users have downloaded Minecraft apps from Google's Play Store that in fact scare them — or their children — into paying out to scam artists.
The apps pose as ways of cheating or modifying Minecraft, popular among children and perhaps the best-selling game ever. But they in fact just hijack phones and then threaten users into paying out €4.80 per week to avoid viruses.
Security expert Lukas Stefanko found over 30 of the apps in Google's store, which together have been downloaded as much as 2.8 million times.
None of the apps have any of the functionality that's promised. Instead, they show users big banners that make them think their phone is infected with a virus, and then scare them into signing up to the premium rate text message service to get rid of those entirely fake "dangerous virus[es]".
The app takes control of the phone so that the messages about the viruses look as if they are being genuinely generated by Android. It also accesses the text messaging service to make it look as if sending the text is a sign-up to the antivirus product, but it is in fact just a sign-up to a premium-rate SMS service.
1/5 Taj Mahal
The original Taj Mahal may have taken almost two decades to complete, but this is a worthy tribute
Minecraft players have taken inspiration from some of Europe’s most beautiful cities, complete with canals and elaborate architecture.
3/5 Ancient Metropolis
Users have created “The Golden City”, with extremely ornate architecture, similar to Cambodia’s Angkor Wat complex
4/5 Desert island
An ornate island created by one user
5/5 Rocket launch pad
Prepare for take off with this Minecraft rocket
All of the apps behaved similarly, Stefanko said, but had different icons. That likely means that they were probably made by the same person or people, though they were uploaded by different accounts.
The first of the apps was uploaded in August 2014. Since then, 33 have been found , several of which had individually been installed 100,000-500,000 times, according to Google's statistics.
Since then, Google has been notified of the fake apps and they have been taken down. But it's unclear how many people signed up to the text messaging scam before that.
Google has a special tool called Bouncer that scans submitted apps to see whether they are malicious. That has reduced the number of bad apps by about 40 per cent, and Google has introduced plans to have apps reviewed by humans, which it hopes will further limit the spread of such programs.Reuse content