ESET researcher Lukas Stefanko says a whopping 2.8 million users have downloaded malicious Minecraft Android applications.
Stefanko found 30 malicious apps uploaded to the Google Play store over nine months masquerading as Minecraft cheats and tip guides.
"All of the discovered apps were fake in that they did not contain any of the promised functionality and only displayed banners that tried to trick users into believing that their Android security system is infected with a 'dangerous virus'," Stefanko says. "Users were then directed to remove viruses by activating a premium-rate SMS subscription that would cost them €4.80 per week." Stefanko says, "... several of them were installed between 100,000 and 500,000 times and the total number of installations of all 33 scareware applications lies between 660,000 and 2,800,000."
The apps craft an SMS whose text masquerades as an anti-virus activation request. Replying to the message signs the victim up to the weekly premium SMS subscription. Flash ads littered the applications, pointing users to fake anti-virus warnings and other scareware sources.
Google's Bouncer anti-malware framework for the Play Store has reduced malicious applications by 40 percent since 2011. That mechanism is combined with manual review by humans to help detect the increasingly sneaky techniques attackers use to give Bouncer the slip. Malicious authors may upload benign and legitimate applications in a bid to accrue users before later pushing malicious updates. These updates are often successful in stinging users who do not pay attention when approving new application permission requests.
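A reviewer can catch the benign-then-malicious update pattern described above by diffing the permissions two versions of an app request. The following is an added example, not code from ESET or Google: the package name, both manifests and the SMS watchlist are constructed for illustration, and the manifests are assumed to be already decoded to text XML (an APK stores them in a binary form).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names; choosing these three as a watchlist is an assumption.
SMS_WATCHLIST = {
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
}

# Constructed sample manifests for a hypothetical app, version 1 and version 2.
MANIFEST_V1 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.guide" android:versionCode="1">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

MANIFEST_V2 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.guide" android:versionCode="2">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission-sdk-23 android:name="android.permission.RECEIVE_SMS"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    # Both element types declare a permission request.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names


def review_update(old_xml, new_xml):
    """Diff two versions: list added permissions and those on the watchlist."""
    added = requested_permissions(new_xml) - requested_permissions(old_xml)
    return {"added": sorted(added), "flagged": sorted(added & SMS_WATCHLIST)}


if __name__ == "__main__":
    report = review_update(MANIFEST_V1, MANIFEST_V2)
    print("new permissions:", report["added"])
    print("needs review   :", report["flagged"])
```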