Minecraft apps that hijack phones and threaten users into paying out could have cheated millions of users
Over 30 of the apps, which claim to give people extra features and cheats on the popular game, have been found on the Google Play Store
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Millions of users have downloaded Minecraft apps from Google's Play Store that in fact scare them — or their children — into paying out to scam artists.
The apps pose as ways of cheating or modifying Minecraft, popular among children and perhaps the best-selling game ever. But they in fact just hijack phones and then threaten users into paying out €4.80 per week to avoid viruses.
Security expert Lukas Stefanko found over 30 of the apps in Google's store, which together have been downloaded as much as 2.8 million times.
None of the apps have any of the functionality that's promised. Instead, they show users big banners that make them think their phone is infected with a virus, and then scare them into signing up to the premium rate text message service to get rid of those entirely fake "dangerous virus[es]".
The app takes control of the phone so that the messages about the viruses look as if they are being genuinely generated by Android. It also accesses the text messaging service to make it look as if sending the text is a sign-up to the antivirus product, but it is in fact just a sign-up to a premium-rate SMS service.
All of the apps behaved similarly, Stefanko said, but had different icons. That likely means that they were probably made by the same person or people, though they were uploaded by different accounts.
The first of the apps was uploaded in August 2014. Since then, 33 have been found , several of which had individually been installed 100,000-500,000 times, according to Google's statistics.
Since then, Google has been notified of the fake apps and they have been taken down. But it's unclear how many people signed up to the text messaging scam before that.
Google has a special tool called Bouncer that scans submitted apps to see whether they are malicious. That has reduced the number of bad apps by about 40 per cent, and Google has introduced plans to have apps reviewed by humans, which it hopes will further limit the spread of such programs.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments