Scammers have found a new way of taking advantage of the sandbox videogame: Minecraft Mods. 

Its wild success has inspired both good and bad actors to develop Modpacks. In this case, they come as Google Play apps that appear legit but deliver Adware.

Have you ever tried using Mods in the game? Or are you worried that your kids do so?

Then please, keep reading.

 

What Happened to Harmful Minecraft Mods

Kaspersky researchers have found over 20 malicious apps since July, which is suspected to have been downloaded on +1 Million Android devices.

They lurked among other 15,000 Minecraft Mods to find a small, but a deadly amount.

The good news is: Google Play removed a good part of them.

The bad news? There are still five malicious titles available for download.

Kaspersky’s researches reveal that these are: “Zone Modding Minecraft, Textures for Minecraft ACPE, Seeded for Minecraft ACPE, Mods for Minecraft ACPE and Darcy Minecraft Mod.”

Google hasn’t responded to comment requests so far.

 

What Are Minecraft Mods & How Do They Work

First and foremost, if you don’t know Minecraft: this is an open-world game with both survival and creative mods (the latest dedicated to free building). 

While they’re aimed at kids and teens who like to create worlds, according to Microsoft’s Head of Minecraft (Helen Chiang), the average player is around 24 y.o.

It was first released in 2009 by Mojang Studios, with the original version called Java Edition.  And it is in the same Java designed version, where third-party developers can easily create and share compatible applications (also called “modpacks”).

They often add, enhance, and customize the player’s experiences. 

Gamepedia confirms that at this moment, there are +15,000 Minecraft Mods available. And five of them which are confirmed malicious, are still out there.

The most popular having more than 1 million installs, while the least popular, 500.

Fake Minecraft Mods

The Kaspersky team announced that once the Minecraft Mod malware gets installed, it will only allow being opened once on the Android device. After that occurs, the app continues to work as intended: glitchy and useless.

 

This only provokes to be run in the background, forgotten, while it keeps delivering ads. The report expanded:

“The frustrated user closes the app, which promptly vanishes. More precisely, its icon disappears from the smartphone’s menu. 

Because the ‘modpack’ seemed glitchy from the start, most users, especially kids and teens, won’t waste time looking for it.

The sample we examined automatically opened a browser window with ads every two minutes, greatly interfering with normal smartphone use.

In addition to the browser, the apps can open Google Play and Facebook or play YouTube videos, depending on the [command-and-control] server’s orders. 

Whatever the case, the constant stream of full-screen ads makes the phone practically unusable.”

 

There’s a small chance that if you’re reading this because it happened to you.

But still, if that’s the case, then you need to read down below, to learn how to prevent or solve future Minecraft Mods malware.

 

Eliminate Malicious Minecraft Mods and Prevent Later On

Messing with the settings won’t get rid of the malware. But fortunately, deleting the app from the list of all apps (Settings → Apps and notifications → Show all apps) will remove/delete entirely.

Of course, identifying malicious apps it’s not an easy task to do… Especially if there’s no guidance of where to look. 

Kaspersky researchers confirmed that while two modpacks from the list were uploaded by “different publishers,” the descriptions are quite the same.

Also, the app ratings/reviews seem quite suspicious. The average rating was five-stars, but at the end of the spectrum, there were also a lot of one-stars.

The report explains: 

“That kind of spread suggests that bots are leaving rave reviews, but real users are very unhappy.

Unfortunately, in this case, the cybercriminals are targeting kids and teenagers, who may not pay attention to ratings and reviews before installing an app.”