FutureFive NZ - If you use Minecraft mods, do your research first



Minecraft fans beware: IT security company ESET has discovered 87 malicious apps disguised as mods for Minecraft, with a total of close to one million downloads on the Android store.

This means that 990,000 Android mobile users have been unknowingly exposed to malicious content as well as ad and scam content by installing these fake Minecraft mods.

Basically, there are two types of threats. One takes the form of ad-displaying downloaders, and the other takes the form of fake apps which redirect users to scam websites.

“I always recommend opting for official app stores when downloading all kinds of apps, as a way of avoiding malware,” says Nick FitzGerald, Senior Research Fellow at ESET.

“Checking the popularity and reviews of apps before installing is also generally a good indicator of the content of these apps and of their untrustworthiness. Low ratings and angry reviews are a great indicator of the risk users could run.”


What the apps look like:

1. Ad-displaying downloader

14 different apps come under this category, which is the smaller of the two with 80,000 installations by Android users. The apps are disguised as Minecraft mods and are manually installed.

They have no real functionality and display aggressive ads, and as a result aren’t very popular among users if the low ratings and negative reviews on Google Play are anything to go by.

2. Fake apps redirecting users to scam websites

The second threat has been exposed as 73 different apps which redirect to scam websites. These apps have reached as many as 910,000 installs since they were made available on Google Play between January and March 2017.

Upon launching these apps, a screen with a download button is displayed. Instead of a mod being downloaded when the button is clicked, users are redirected to a website in the browser and exposed to a huge amount of obtrusive content.


How the apps work:

1. Ad-displaying downloader

At launch, the apps request administrator rights to the device. Once rights are given, a screen with an “INSTALL MOD” button appears. At the same time, a push notification tells the user that a “Special Block Launcher” is needed in order to move forward with the installation process.

The user is then prompted to install a module called “Block Launcher Pro”, granting it several intrusive permissions (including device administrator rights).

Installing the module brings the user to a dead end: a static Minecraft-themed screen. The only thing the app and module actually do is display ads, which now show up on the user’s device.

2. Fake apps redirecting users to scam websites

These apps display a screen with a download button when launched. Clicking the button doesn’t download any mods; instead, it redirects the user to a website in the browser.

The websites display all kinds of intrusive pop-ups. These can range from ads, surveys, ‘free’ offers, jackpot wins, porn, to fake updates and fake virus warnings in an attempt at scaring the user into taking action. The messages are even translated into different languages based on the IP address of the user.


What to do if your device is affected:

·   Only for the ad-displaying downloader, first deactivate device administrator rights for both the app and the downloaded module found under Settings -> Security -> Device administrators.

·   For all these apps, uninstall by going to Settings -> Application Manager.
