Recently, a group of threat actors have disguised their malware as 38 Minecraft-inspired games on Google Play, infecting unsuspecting devices with the insidious ‘HiddenAds’ adware.
While players get lost in the blocky world of Minecraft clones, the adware stealthily runs in the background, generating revenue for the malicious operators.
McAfee’s Mobile Research Team, part of the App Defense Alliance, uncovered the adware set to safeguard Google Play from potential threats.
Distribution
With a staggering 140 million active players every month, Minecraft’s popularity as a sandbox game has prompted various game publishers to try and replicate its success.
Approximately 35 million Android users worldwide fell victim to the adware hidden in Minecraft-like games, with the majority of downloads originating from the following countries:-
- The United States
- Canada
- South Korea
- Brazil
Despite the covert malicious adware activity in the background, the users remained unaware of it as they could enjoy uninterrupted gameplay.
Infection Effects
Here below, we have mentioned the affecting signs of these malicious apps on the targeted devices:-
- Overheating issue
- Increased network data
- Increased Battery consumption
- Laggy behavior
- Uncertain app crashes
Set of Malicious Apps
After reporting, all malicious apps have been removed from the store. Here are the top downloaded apps from that set:-
- Block Box Master Diamond: 10 million downloads
- Craft Sword Mini Fun: 5 million downloads
- Block Box Skyland Sword: 5 million downloads
- Craft Monster Crazy Sword: 5 million downloads
- Block Pro Forrest Diamond: 1 million downloads
- Block Game Skyland Forrest: 1 million downloads
- Block Rainbow Sword Dragon: 1 million downloads
- Craft Rainbow Mini Builder: 1 million downloads
- Block Forrest Tree Crazy: 1 million downloads
Upon the game launch, ads load in the background but don’t appear on the screen. Questionable packets from ad libraries like Google, AppLovin, Unity, and Supersonic were exchanged, as revealed by network traffic analysis.
Similar game names and shared network packets with differing domains hint at a possible connection among the apps, potentially created by the same author.
Apart from this, the cybersecurity analysts classified these adware apps as not high-risk for users, but their presence can still threaten mobile devices.
To ensure a safe and secure experience when downloading applications from the store, security experts have strongly advised users to carefully examine user reviews beforehand and also make sure to keep the installed apps and security software on their devices up-to-date.
Source: https://cybersecuritynews.com/38-minecraft-copycat-games/