Google Play Store is one of the most trusted sources for Android users to download whatever software is available. However, back in 2022, the popular store had its fair share of malware infiltration, and that seems to be the case in 2023 as well, as cybercriminals have lately injected malware through Minecraft clones on Google Play Store.
Minecraft is a well-known sandbox game loved and played by over 100 million users all over the world. Unfortunately, threat actors preyed on the game’s popularity, creating clones infected with adware and spreading them through the Android store.
Research shows that the campaign is global, but the biggest impact appears to be in countries like the US, Canada, South Korea, and Brazil. How is this implemented? What can the adware do? Find out below.
Minecraft Clones: Not Real, But Definitely a Real Threat
Android devices make it easy for users to download content. In general, they can get software, apps, and games from whatever source they come across.
However, just because the device itself offers that convenience doesn’t mean users should go ahead and get their content from just anywhere.
Not limiting where users can download apps is a huge problem, especially since cybercriminals are well aware of this situation. They create bogus websites and even fake APKs that can inject the device with malware.
Unfortunately, as threat actors elevate their techniques, they’re able to do so much more – infiltrate Google Play Store. It’s been done before, and it’s happening now.
In this particular campaign, Minecraft-like games hiding adware have taken over Google Play Store. Before we proceed with this analysis, take a look at the map where the campaign is mostly active:
Some clone apps don’t attract that many users, but these, because they’re based on a popular game, did.
Yes, the infected applications have garnered more than 35 million downloads. We’ve listed them (based on McAfee’s report) below in case any of you have them:
- Craft Monster Crazy Sword – 5 million downloads
- Block Pro Forrest Diamond – 1 million downloads
- Block Box Master Diamond – 10 million downloads
- Craft Sword Mini Fun – 5 million downloads
- Block Box Skyland Sword – 5 million downloads
- Block Rainbow Sword Dragon – 1 million downloads
- Craft Rainbow Mini Builder – 1 million downloads
- Block Forrest Tree Crazy – 1 million downloads
- Block Game Skyland Forrest – 1 million downloads
The adware-infected applications aren’t as dangerous as other malware families. However, they can disrupt the user’s experience with their behavior.
First, they can heavily reduce the device’s performance. While anyone who has the apps can play normally, activity does occur in the background, particularly the loading of advertisements.
Infected devices will also experience sudden overheating, increased network data usage, or increased battery consumption, courtesy of the unwanted “Background Advertisement.”
Finally, the most dangerous part of having adware is that it raises privacy concerns. Aside from exposing browsing activities, the adware can go on to create security loopholes, risking worse infections in the process.
Fake It Till You Infiltrate It
Such campaigns are very common among threat actors nowadays. We don’t know if their techniques are improving or if Google Play Store is slipping up.
This threat targeted various countries around the world, and it hides within games that actually work. Take a look at this game. It looks legitimate:
This shows that cybercriminals are indeed perfecting their craft and know exactly how to trick users into downloading their malicious apps.
According to McAfee, the apps have been removed from Google Play Store. Now, it’s all up to you. If you have any of these applications on your device, uninstall them immediately.
Not only that, but you should also download a reputable antivirus tool to scan for any residual adware on your device. Adware can be tricky to get rid of.