Avast warns of Minecraft skin, mod apps fleecing ‘millions’ of Android users

Ridiculously expensive subscriptions are costing users as much as $120 per month.

Active Minecraft modding apps on Google Play are fleecing subscribers through hefty payment models, researchers have warned. 

Malicious mobile apps can come in many forms. Some iOS or Android apps may have Trojan code embedded and waiting to steal your online credentials; others are considered spyware as they can monitor calls, message logs, GPS data, and online activity; whereas nuisanceware plagues users with pop-up ads designed to generate fraudulent revenue for operators. 

Fleeceware can be classified under the same umbrella. While not necessarily dangerous, fleeceware apps can still deprive unwitting users of their hard-earned cash by providing poor goods or services through extortionate, automatic subscriptions. 

Gaming is a popular arena for fleeceware as add-on skins, wallpapers, virtual items, and mods may be highly sought by dedicated users. Some games -- such as Fortnite -- offer digital bolt-ons through in-game currency and features, and third-party developers may also try to capitalize on a game's popularity to make an extra dollar or two. 

Minecraft has been a hotbed of mods for years. Users of the popular game, developed by Mojang and snapped up by Microsoft in 2014 for $2.5 billion, are now being targeted through a wave of fleeceware apps that have made their way onto the Google Play Store. 

While subscription-based apps and services are generally acceptable and legitimate, the Minecraft-related fleeceware apps found by the researchers go beyond what many would consider a reasonable offering. 

This is how they work: fleeceware apps will offer a "free" trial for a number of days before a user is automatically signed up to a subscription. These fees can be extortionate, and in the apps found by Avast, the most expensive were $30 per week, or $120 per month. 

"Fraudsters expect the user to forget about the installed application and its short trial, or fail to notice the real subscription cost," the researchers note. 

In total, seven Minecraft-based apps have been reported to Google, but as of the time of writing, all of the apps are still available. 

The Android apps reported are: Skins, Mods, Maps for Minecraft PE; Skins for Roblox; Live Wallpapers HD & 3D Background; MasterCraft for Minecraft; Master for Minecraft; Boys and Girls Skins; and Maps Skins and Mods for Minecraft.

These apps offer wallpapers, Minecraft and Roblox skins, and both Minecraft character and map mods. Users have generally awarded these apps no more than one or two stars, complaining of the subscription costs, barrages of adverts, and functionality failures. 

Five out of the seven apps, however, have still been downloaded over one million times. 

It is not enough simply to uninstall these types of apps -- you have to remember to cancel the subscription, too. In order to do so, go to the Google Play Store's menu and navigate to the "Subscriptions" tab to remove them entirely. 

In related news this week, Kaspersky researchers revealed a new mobile Trojan used to spy on and steal data from over 150 Android apps. Dubbed Ghimob and believed to be the handiwork of the same threat actors behind the Astaroth malware, Ghimob is being used to try and steal banking credentials by masquerading as financial institutions across Brazil and other countries. 

ZDNet has reached out to Google and will update when we hear back. 
