Minecraft, first released in 2009, is an open-ended video game that allows users to craft their own 3D world. It is currently the bestselling game of all time with more than 200-million copies sold as of May 2020. Given its immense popularity, it’s not surprising bad actors online would attempt to exploit the game to further their own objectives.

Kaspersky researchers recently discovered more than 20 apps available for download on the Google Play store that claimed to be modpacks (collections of user-created packages that add additional gameplay elements, such as additional textures for crafting buildings) for the game. However, in actuality, they were distributing adware: software that bombards users with unwanted ads, disrupting their normal use of devices.

Upon downloading the modpack, users would be able to open the app once – enough to notice that it doesn’t actually download any mods. Upon closing the app, its icon disappears on the phone, leading the user to forget it was there in the first place.

However, in actuality, it has not disappeared but is hard at work in the background. The app then begins to display highly intrusive ads. The fake modpacks analysed opened a browser window every two minutes and had the ability to open Google Play and Facebook and even play YouTube videos – interfering with users’ use of their smartphone.

Fortunately, the malicious modpack doesn’t try to restore itself once it’s deleted, but it can be hard to locate. Since the icon is not present on the home screen, users have to first remember that they downloaded the app and then locate it in their device settings to delete it.

The least “popular” modpack had been downloaded 500 times, while the most popular had more than 1-million installations.

Google has been notified and has removed all the malicious applications.

“These types of malicious apps are particularly troublesome because they’re targeting children and teens – many of whom are likely unaware of how to spot potentially malicious apps or how to remove them,” comments Igor Golovin, security expert at Kaspersky.

“In addition, because the apps can open the smartphone’s browser, Facebook or YouTube, users might assume the problem rests with these applications, rather than a modpack they might not remember they downloaded.

“Parents should teach their kids to always be careful about which apps they download and make sure their children’s devices have a security solution installed.”