A security firm has revealed that upwards of 2.8 million users have downloaded scareware masquerading as legitimate Minecraft apps off of Google Play Store. According to a blog post written by Lukas Stefanko, a Malware Researcher for ESET, 30 malicious applications pretending to be cheats for the popular computer game wereuploaded to Google Play Store over the past nine months.
However, none of the apps fulfill their promised functionality. Instead they tried to use the threat of "computer viruses" to trick users into activating premium mobile anti-virus software on their devices. Upon launch of one of the scareware applications, a flashing advertizement banner incorporating the language of the user's geographic location covered the entire screen. Any interaction with the banner loaded a message that warned the mobile user that they had been infected with a computer virus. A user who clicked on the alert were then led to several websites with more scareware messages. Shortly thereafter, the scam sent an SMS text to the victim asking them to activate a license for mobile anti-virus software. If they fell for this final step, it would cost the user 4.80 € per week.
"All of the identified scareware apps behaved in a similar way, the only differences being in the names and icons of the applications," explains Stefanko. "They were uploaded to the Play store by different developer accounts, but we assume that these were all created by one person."
Most of the malicious apps received poor reviews and negative feedback on Google Play Store. Even so, several of them were installed between 100,000 and 500,000 times, with the aggregate number of downloads for all 30 scareware applications ranging between 600,000 and 2.8 million.
Google Play Store's anti-malware Bouncer framework has helped reduce the number of malicious applications by as much as 40% since 2011. This number may increase over the coming months in the wake of Google's announcement back in March to introduce new anti-malware procedures, which include a team of researchers who will be responsible for manually reviewing apps for malicious content.
Despite these measures, attackers may still upload legitimate applications to Google Play Store before pushing malicious updates.
Google has since removed all 30 of the malicious Minecraft apps.