Beware these fake Minecraft apps - they may destroy your phone

Minecraft
(Image credit: Shutterstock / Levent Konuk)

Fans of gaming behemoth Minecraft are being targeted by hackers offering malicious modpacks on the Google Play Store, a  report from Kaspersky has claimed.

The cybersecurity firm found more than 20 Android apps on the Google Play Store claiming to be modpacks for Minecraft when in reality, their primary purpose is to display intrusive ads on smartphones and tablets. Of these apps, the least popular one had over 500 installations while the most popular one was installed by more than 1m users.

Before downloading any new app, it is highly recommended that you check app reviews on the Play Store first. When Kaspersky did so for the Minecraft modpacks it discovered, the firm found that their ratings were around the 3-star mark though the scores themselves were highly polarized with many 5 and 1 star ratings. Normally this would be enough to discourage a user from downloading an app but since the cybercriminals behind these Minecraft modpacks are targeting children and teenagers, this wasn't the case.

Kaspersky informed Google about the malicious apps it discovered and they were deleted from the Google Play Store. However, these apps still remain on users' devices even after being removed from the store and the malware creators can still try to get them relisted by modifying them or publishing them from a different developer account.

Fake Minecraft modpacks

Once a user downloads one of these malicious Minecraft modpacks, the app lets itself be opened once but doesn't load any mods for the game. Instead upon closing the app, its icon then disappears from a smartphone's menu. 

Due to the glitchy nature of these apps, most users won't waste time looking for them and may even forget about them completely. However, the modpack remains on a user's device and begins displaying ads in a user's browser. These apps can also open Google Play, Facebook and even play YouTube videos depending on the C&C server's orders.

As these fake Minecraft mods open a user's browser without their knowledge, many users will likely conclude that their browser is the problem. Unfortunately uninstalling and reinstalling the browser will not fix the issue and the apps themselves must be removed to do so.

Once a user identifies the malicious app, they will then need to find it in their device's settings menu (Settings > Apps and Notifications > Show all apps) and delete it from there. The fake modpack will then be removed entirely and fortunately these apps do not try to restore themselves.

For users that do want to mod Minecraft to improve the game's visuals or add new assets, Microsoft has its own Minecraft Marketplace where safe mods can be downloaded without the fear of accidentally installing malware on your device.

TOPICS
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.