F-Secure researchers warn Android users of a malicious version of Minecraft PE that’s currently served on some Russian third-party application marketplaces.
Experts have told SecurityWatch that the fake Minecraft version is advertised for half the price of the genuine game. However, the fact that users end up paying for a rogue variant of the game is not the only problem.
When it’s installed, the malicious app asks for permission to send SMSs, which means that it can be used by cybercriminals to make a profit by sending text messages to premium rate numbers.
The developers of Minecraft, Mojang, have included a mechanism to ensure that the application can’t be tampered with. However, cybercriminals have managed to bypass the system.
In order to avoid installing such trojanized games on their Android phones, users are advised to download programs only from trusted websites. Furthermore, during the installation process, if the game requests too many permissions, it’s likely not genuine.
Technical details on this threat are available on F-Secure’s website.