Security firm Kaspersky has found more malicious apps disguised as Minecraft mods and a file recovery utility in Google Play market. The rogue apps concealed malicious adware and credential-stealing malware.
Although previously, Kaspersky has detected over 20 apps that claimed to be Minecraft modpacks, there’s always new Minecraft-themed malware spawning instead of old fake apps. Most of these apps turned users’ smartphones into extremely intrusive adware.
After the first run, the newly discovered apps hid their icons, started working in the background, and opened the browser to flash ads to the victim, played YouTube videos, opened Google Play store pages, and more.
The apps Kaspersky researchers analyzed opened the browser every two minutes. It essentially rendered the device useless.
Google quickly removed the malicious apps from its store after the notification from Kaspersky.
Deletion from the Google Play store does not invalidate apps that are already installed, not prevent rogue developers from re-uploading them in new disguises. For instance, the creators of the music app VK Music Trojan could still persist on the app store for several years by creating new versions of their apps.
Knowing that, Kaspersky researchers looked for new Minecraft modpacks in Google Play to see if there were any new ones after their report – and did find some.
Several apps were found that behaved similarly to the above-mentioned ones. However, the new ones, besides displaying full-screen ads, had added some new functionality. They could now download extra modules. This module allowed the apps to run a browser, play YouTube videos, open Google Play app pages, and more.
This time, besides Minecraft mods, the researchers found a utility called File Recovery – Recover Deleted Files. Researchers note that the malicious Version 1.1.0 has been removed, and version 1.1.1, available now on Google Play, is safe.
In addition, Kaspersky found two Minecraft modpacks that show full screen ads even when the app is offline. But these apps could not hide their icons nor run the browser or Google Play.
Finally, there were several apps with malicious functionalities. For example, Madgicx ad network app and TikTok ad-management app that tricked users into providing their Facebook account data.
