Google Play: Hidden ads in Minecraft clones on 35 million phones

McAfee virus hunters have detected malicious Android game apps with more than 35 million installs. They are clones of the popular block-building game Minecraft that were available on the Google Play Store. Following McAfee's report, Google removed the dubious apps from the store and from Android smartphones.

Because of Minecraft’s popularity, there are countless games with the same underlying concept. McAfee discovered 38 that contained hidden ads. These apps secretly sent network packets to generate high advertising revenue. McAfee reported the malicious apps to Google, and Google Play Protect was able to notify users of the identified malicious apps.



Screenshot of Block Box Master Diamond on Google Play: Some of the affected games have large install numbers. Block Box Master Diamond, which delivers hidden ads, has more than 10 million installs. (Image: McAfee / Blog)

The cyber criminals uploaded the apps to the Google Play Store as usual, with various titles and package names. Many games have been downloaded by interested parties. A malicious app with the title “Block Box Master Diamond” managed to get more than 10 million downloads.

Since the games were actually usable, users were unaware of the large number of ad packets generated on their devices. Players can play their Minecraft-like scenarios in the malicious apps without any trouble. Meanwhile, however, advertising packets from different domains appear on the device, McAfee explained in the blog post with the analysis. As an example, McAfee shows four questionable packets generated by the advertising libraries AppLovin, Google, Supersonic, and Unity. Nothing is displayed on the game screen.

All the games also have in common that their initial network packets go to different domains, but all of them contain 3.txt as the path or requested file. McAfee has detected the threat in various countries around the world; it is most widespread in the USA, Canada, South Korea and Brazil, and finally also in Europe, with a strong presence in the UK and Germany.
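The shared 3.txt request described above can be used as a hunting filter over web proxy logs. The following is an added example, not code from McAfee or from the original article; the log format, the sample lines, the `example.test` hosts, the case-insensitive match and the `min_hosts` parameter are all assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit
import posixpath

# Constructed proxy log lines: timestamp, client, method, URL (placeholder hosts).
SAMPLE_LOG = """\
2023-05-02T10:00:01Z 10.0.0.21 GET https://cdn-a.example.test/3.txt
2023-05-02T10:00:02Z 10.0.0.21 GET https://ads.example.test/v1/load?slot=1
2023-05-02T10:03:10Z 10.0.0.34 GET https://files.example.test/docs/13.txt
2023-05-02T10:04:55Z 10.0.0.47 GET https://cfg-b.example.test/game/3.txt?v=2
2023-05-02T10:05:00Z 10.0.0.47 GET https://cfg-b.example.test/index.html
2023-05-02T10:06:12Z 10.0.0.21 GET https://cfg-c.example.test/3.TXT
malformed line
"""

INDICATOR = "3.txt"  # file name reported in the article


def requests_indicator(url):
    """True when the last path segment is exactly 3.txt (query string ignored)."""
    path = urlsplit(url).path
    # Assumption: compare case-insensitively; "13.txt" must not match.
    return posixpath.basename(path).lower() == INDICATOR


def find_suspect_clients(log_text, min_hosts=1):
    """Map each client to the sorted hosts it requested 3.txt from.

    min_hosts (hypothetical tuning knob) keeps only clients that asked at
    least that many distinct hosts, which cuts down on coincidental hits.
    """
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed format
        _timestamp, client, _method, url = fields
        if requests_indicator(url):
            hits[client].add(urlsplit(url).hostname)
    return {c: sorted(h) for c, h in hits.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    for client, hosts in find_suspect_clients(SAMPLE_LOG).items():
        print(client, hosts)
```

A file name alone is a weak signal, so hits are best treated as leads to check against the package names and SHA256 values in McAfee's IOC list.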

According to McAfee’s observations, games are the content young people access most on mobile devices. Malware developers know this too and therefore hide their malicious functions in games. Not only is it difficult for regular users to track down such hidden features, but they also simply trust games from official stores like Google Play. Therefore, McAfee recommends reading the user reviews of such game apps thoroughly before installing an app.

At the end, McAfee also lists Indicators of Compromise (IOCs) for the 38 game apps, which users can use to identify the malware and remove it if necessary. In addition to package names and program titles, the IT researchers also add SHA256 hash values.

Malware authors can even use services to distribute their malicious apps. Kaspersky recently found that those with $2,000 or more to spend can have apps placed on the Google Play Store and even have them advertised.


(dmk)
