Two million Android users downloaded malicious Minecraft apps

Malware is still a worry on the Google Play Store, even though the rate of malware is dropping to its lowest levels since the inception of the store in 2008.

One of the easiest ways to push malicious apps is by masquerading them under popular names, in this case Minecraft. Guides, tutorials, tricks and other apps would offer help, but quickly turn into a user’s worst nightmare with malware and adware spam.

Over 30 apps have been spotted using the Minecraft name, but instead of adding Minecraft content the creators would try and trick users into thinking they had virus issues. The user would be directed to sign up for “premium SMS anti-virus updates”, costing £4 per week.

The 33 apps were scanned and had between 660,000 and 2,800,000 downloads. Some of the apps received over 500,000 downloads alone, showing the severity of the malware issue when it comes to app masquerading.

Most of these apps didn’t start out this way, originally offering low quality information to Minecraft fans in an attempt to bait them in. Once downloaded, the app would ask to be updated, and then add the anti-virus malware.

If the user is confident the app is legitimate, he/she is more likely to subscribe to the SMS anti-virus updates. It is not clear how many users actually paid for the premium service, although we wouldn’t be surprised to see less than 10,000.

Google has fought back on claims Android is still a cesspit for malware and bugs, claiming its automated service Bouncer removes most of the malware, and its own human checking makes sure all other malicious content is removed.

The issue is updates, Google does not monitor app updates with the same scrutiny Apple’s iOS team does, meaning some malicious content can slip through the cracks from time to time.