The cybersecurity firm found more than 20 Android apps on the Google Play Store (opens in new tab) claiming to be modpacks for Minecraft when in reality, their primary purpose is to display intrusive ads (opens in new tab) on smartphones and tablets. Of these apps, the least popular one had over 500 installations while the most popular one was installed by more than 1m users.
Before downloading any new app, it is highly recommended that you check app reviews on the Play Store first. When Kaspersky did so for the Minecraft modpacks it discovered, the firm found that their ratings were around the 3-star mark though the scores themselves were highly polarized with many 5 and 1 star ratings. Normally this would be enough to discourage a user from downloading an app but since the cybercriminals behind these Minecraft modpacks are targeting children and teenagers, this wasn't the case.
- We've put together a list of the best antivirus (opens in new tab) software around
- Keep your device virus free with the best malware removal (opens in new tab)software
- Also check out our roundup of the best ransomware protection (opens in new tab)
Kaspersky informed Google about the malicious apps it discovered and they were deleted from the Google Play Store. However, these apps still remain on users' devices even after being removed from the store and the malware creators can still try to get them relisted by modifying them or publishing them from a different developer account.
Fake Minecraft modpacks
Once a user downloads one of these malicious Minecraft modpacks, the app lets itself be opened once but doesn't load any mods for the game. Instead upon closing the app, its icon then disappears from a smartphone's menu.
Due to the glitchy nature of these apps, most users won't waste time looking for them and may even forget about them completely. However, the modpack remains on a user's device and begins displaying ads in a user's browser (opens in new tab). These apps can also open Google Play, Facebook and even play YouTube videos depending on the C&C server's orders.
As these fake Minecraft mods open a user's browser without their knowledge, many users will likely conclude that their browser is the problem. Unfortunately uninstalling and reinstalling the browser will not fix the issue and the apps themselves must be removed to do so.
Once a user identifies the malicious app, they will then need to find it in their device's settings menu (Settings > Apps and Notifications > Show all apps) and delete it from there. The fake modpack will then be removed entirely and fortunately these apps do not try to restore themselves.
For users that do want to mod Minecraft to improve the game's visuals or add new assets, Microsoft has its own Minecraft Marketplace (opens in new tab) where safe mods can be downloaded without the fear of accidentally installing malware on your device.
- We've also highlighted the best endpoint protection (opens in new tab)