More than 600,000 Android users infected with Scareware from fake Minecraft apps

Announcement posted by ESET 25 May 2015

30+ scam apps get through the Google Play Store

ESET researchers have discovered more than 30 fake applications available for download on the Google Play Store. The malicious applications, which pretended to be cheats for the popular Minecraft game, have been installed by more than 600,000 Android users worldwide.
None of the scam apps contained any functionality aside from displaying banners that tried to convince users that their phone was infected with a dangerous virus. Once the banners are pressed, users are directed to remove the virus by texting to sign up for a premium-rate SMS subscription that costs 4.8 Euro per week. The subscription claims to provide phone antivirus services through the legitimate protection company G Data, although the scam has nothing to do with the company.

ESET detects the scareware apps as Android/FakeApp.AL. Despite poor user reviews and negative comments, the scareware has spread massively during the past months. The app does not have permission to send an SMS itself, but instead relies on social engineering to trick the user into manually paying the fee.

Google’s automated application scanner, Bouncer, is usually effective in reducing the amount of malware available on the official app store, but it is not perfect. “The seriousness of this threat lies in the fact that it may have been downloaded by almost three million users from the official Google Play store”, says Lukas Stefanko, Malware Researcher at ESET.

“To avoid the installation of malicious or unwanted applications, refrain from downloading apps from unofficial sources and keep security software on your Android up-to-date”, concludes Stefanko. Users should also read other user reviews and consider what permissions an app requests during installation. Data from the Google Play store show that several apps were installed between 100,000 and 500,000 times, with the total number of installations from all 33 apps being between 660,000 and 2,800,000 worldwide.

The popular open-world building game has been purchased by almost 20 million users worldwide and is currently the world’s best-selling video game, especially among children.

Google announced in March 2015 that all applications would be reviewed by humans, to decrease the number of malicious applications on Google Play. Following ESET’s notification, Google has removed the rogue apps from the store.