McAfee has revealed that dozens of Minecraft-like mobile games downloaded by tens of millions of Google Play users actually contained hidden adware.
The security provider discovered a total of 38 games with titles such as Block Box Master Diamond, Craft Monster Crazy Sword and Craft Rainbow Mini Builder, which were installed by at least 35 million users worldwide.
Detected by McAfee as Android/HiddenAds.BJL, the adware in question loads ads in the background, hidden from the user, in order to generate revenue.
“One of the most accessible [types of] Content for young people using mobile devices is games. Malware authors are also aware of this and try to hide their malicious functions within games,” explained McAfee security researcher Dexter Shin.
“Not only is it difficult for general users to find these hidden features, but they can easily rely on games from official stores like Google Play.”
More on mobile threats: Researchers find 35 adware apps on Google Play.
McAfee discovered hidden ad packs generated by the Unity, Supersonic, Google and AppLovin ad libraries when it analyzed the games.
“What’s even more interesting are the initial network packets of these games,” Shin argued. “The initial package structure is very similar. All domains are different. But using 3.txt as the path is equivalent. That is, packages in the form of https://(random).netlify.app/3 .txt usually appear first.”
Although users worldwide were affected by this HiddenAds campaign, it seems that the largest number were located in the US, Canada, South Korea, and Brazil.
“We first recommend that users thoroughly check user reviews before downloading apps from the store. And users should install security software on their devices and always maintain [it] per day,” Shin concluded.
This is far from the first time the HiddenAds trojan has appeared in mobile apps. In November last year, Malwarebytes discovered malware hidden in four apps that had been downloaded from Google Play at least one million times.
In this campaign, the malicious apps in question opened phishing sites in Chrome on victims’ devices.
HiddenAds was one of the most prolific malware detected in the fourth quarter of 2020, according to McAfee.
Ikaroa, a full stack technology company, is taking a close look at the recent news involving clones of video game Minecraft with 35 million installs containing adware.
Adware is malicious software that displays unwanted advertisements on devices without permission. It can also track user data for potential misuse. As malicious software, adware often poses a risk to user privacy and security.
Clones of the popular video game, Minecraft, have recently flooded app stores such as Google Play. These clones contained adware, allowing them to generate revenue from advertisement. By using adware, cloned versions of popular apps can disguise themselves as legitimate apps to generate downloads.
Google released a statement saying that it had removed the two developer teams responsible for the clones and disabled the apps.
Ikaroa reminds its customers to stay mindful that a few bad actors can cause undue risk to users’ data and privacy. It’s important to protect your device and data, by paying close attention to what apps are installed and downloading apps directly from the official app stores.
