From July 2020 until today, Kaspersky researchers have detected and reported twenty apps that were available on the Google Play Store and which are actually malware. All of these apps claimed to be modpacks for Minecraft, the extremely popular sandbox video game with over a hundred million active users every month.
Mods are meant to provide modifications for the game like texture packs, custom maps, and crafted items that enhance the gameplay and extend the playability.
Five of the twenty apps that have been reported to Google are still available on the Play Store, and these are Zone Modding Minecraft, Textures for Minecraft ACPE, Seeded for Minecraft ACPE, Mods for Minecraft ACPE, Darcy Minecraft Mod. These have between 500 and 1,000,000 installations, and they are all essentially adware. If you happen to have any of them installed on your device, remove it immediately and run an AV scan to ensure that it’s been properly uprooted.
The 3-star reviews that most of these apps have are a clear indication that something’s wrong with them. Still, many users, especially the younger audience that happens to account for the majority of Minecraft’s userbase, don’t pay much attention to reviews.
Also, these users aren’t bothering to leave reviews themselves, so the “modpacks” amass large numbers of downloads and climb the Store’s popularity ranks, but still aren’t reported by many people. This also makes it mathematically possible for the developers to pay for fake reviews and keep the ratings high enough.
When these developers are uncovered for what they really are, which is malware distributors, they open a new account, change the name of their apps, and try again. Thus, no matter how many reports against them are generated, the problem continues persistently.
Also, the adware hides well and operates in a way that isn’t connecting the serving of the ads to the “modpacks.” The only way for users to be safe is to use a mobile security solution from a reputable vendor and have it scan the device regularly.