A bogus version of “Minecraft – Pocket Edition” (also known as Minecraft PE) has been discovered by security researchers that generates income for online criminals by sending SMS messages to premium rate services.
As PC Magazine describes, the trojanised app was discovered by F-Secure researchers on several third-party Android app stores, based in Russia.
Fake Android apps which pretend to be a genuinely popular program but are in fact laced with malicious code are nothing new of course. In the past there have been plenty of examples, including fake Android versions of “Plants vs Zombies”, “Instagram” and “Angry Birds”.
What makes this one different is that the criminals charge users to download their app! Albeit by asking charging 2.50 Euros for their trojan version of the Minecraft PE app, they are at least undercutting the genuine article which is available for slightly more than double that price.
The audacity of criminals charging for an app that then rips its victims off leaves you breathless sometimes.
Normally such bogus apps are offered as a free download, hoping to tempt parsimonious Android users into making an unwise download.
Before you know it, you may find yourself signed up to an expensive premium rate service that you never wanted – and the fraudsters are earning a healthy commission.
The good news is that the malicious version of the Minecraft PE app does not appear to have shown up in the official Google Play store, severely limiting its chances of tricking most Android users.
Of course, the official Android store run by Google is hardly the safest place in the universe itself – having frequently been found to have allowed bogus apps onto its shelves because of less-stringent checking than that, say, deployed by Apple’s iOS App Store.
Always take care over the apps that you install on your Android smartphone, being sure to check out reviews and ratings to confirm that you are likely to be downloading an official version of your favourite app, rather than a knock-off version which might hurt you in the pocket.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.