Fake Minecraft mods installed on over one million Android devices

Graham Cluley

If you or your kids are fans of Minecraft then take care before installing apps that modify the immensely popular game.

Security researchers at Kaspersky say that they have discovered over 20 fake ‘modpack’ apps that are actually designed to bombard users with adverts in such an intrusive and aggressive fashion that using the phone becomes virtually impossible.

According to the team at Kaspersky, users find that no actual mods are loaded after installing the bogus Minecraft modpacks. Indeed, to the user it appears that the app does nothing at all.

And that’s why a user might forget that they ever installed the fake modpack, especially as it hides its icon.

But the bogus app is still there, and – according to researchers – automatically opens a browser window containing ads every two minutes.

In addition, a command & control server can send instructions to the app telling it to open Google Play, Facebook, or play YouTube videos.

Perhaps the most annoying thing about the fake Minecraft mods is that their victims have a very hard time figuring out why their browser (or Google Play, or Facebook, or YouTube) keeps opening. They are likely to conclude that the problem lies in the browser (or whichever app the fake modpack loads). However, uninstalling and reinstalling the browser will not fix the issue, and neither will tinkering with settings.

According to the researchers, the best way to remove the offending app is to look in Settings > Apps and notifications > Show all apps and delete it from there.

In its blog post, Kaspersky identified five fake Minecraft apps which were still available in the official Google Play store:

  • Zone Modding Minecraft,
  • Textures for Minecraft ACPE,
  • Seeded for Minecraft ACPE,
  • Mods for Minecraft ACPE,
  • Darcy Minecraft Mod

One clue that could have raised suspicions amongst users was the polarity of reviews: either very good (5 star) or very bad (1 star).

[Image: App reviews]

The researchers explained that it was likely the five-star reviews had all been left by bots under the control of fraudsters, and the negative reviews from genuine users who had been tricked into installing the app.


According to the firm, the number of users who have installed the apps ranges from 500 to an eye-watering one million. The apps identified by Kaspersky’s security researchers have now been removed from the Google Play store, but it does appear that Google is still failing to do a good job of properly weeding out unwanted apps like this before they end up on a large number of users’ devices.

Stay safe folks, and don’t assume that just because an app is in the official Google Play store you can trust that it is safe to install on your Android.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
