Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Minecraft Pocket Edition add-ons have been infecting Android phones with Trojan malware

Minecraft, with its blocky Scandinavian charm, is not a game you’d expect to have the potential to hijack your mobile with malware and turn it into a botnet. 

The game Microsoft acquired for £1.5bn is fairly secure, but despite that, cyber security firm Symantec has found a clutch of Minecraft-based add-ons in the Google Play Store that harbour malicious code for a Trojan called Sockbot.

The Trojan links infected devices to a proxy server to surreptitiously generate advertising revenue and enslave the device as part of a botnet.

Symantec noted that the malicious add-on apps, which allow users to change the appearance of their in-game characters for Minecraft: Pocket Edition, appeared to be originally designed for generating illegitimate ad revenue, but now have more scope to power cyber attacks.

“This highly flexible proxy topology could easily be extended to take advantage of a number of network-based vulnerabilities, and could potentially span security boundaries,” Symantec’s Shaun Aimoto said. “In addition to enabling arbitrary network attacks, the large footprint of this infection could also be leveraged to mount a distributed denial of service (DDoS) attack.”

Aimoto noted that, to date, Symantec has found eight Minecraft-based apps infected with the Trojan, with a combined install base ranging from 600,000 to 2.8 million Android devices. The malware appears to be targeting gadgets mostly in the US, but also in Russia, Ukraine, Germany, and Brazil.

After discovering the malicious apps, Symantec informed Google, which stripped them from the Play Store, so mobile Minecraft fans can rest easily for the time being.

However, the cyber threat looks to have been a fairly advanced one, having managed to sneak past Google’s vetting and security processes for the Play Store by posing as legitimate add-on apps. Once the malware was on a device, it used encryption to obscure its code and avoid basic levels of detection.

With this in mind, Symantec advises the evergreen practice of keeping your mobile software up to date, avoiding apps from unknown sources, paying close attention to the permissions an app wants, and, of course, using mobile security services.
