Over 600,000 Android users afflicted by fake Minecraft scareware apps
Research conducted by security software manufacturer ESET found that over 600,000 Android users have been infected with "scareware" from malicious applications that masqueraded as cheats for popular open-world builder Minecraft.
While the applications themselves aren't inherently dangerous, they displayed banners that would try and convince users that their phone was infected with a virus. Once pressed, the banner would direct users to a premium-rate SMS subscription service billed at EUR€4.8 per week, pretending to be a legitimate antivirus provider. Without the user's explicit permission, the apps cannot sign a victim up for this service, hence the use of social engineering.
Over 30 fake Minecraft apps listed in the Google Play Store shared this functionality, but have since been removed.
ESET malware researcher Lukas Stefanko recommends Android users refrain from downloading apps from unofficial sources. In Google Play, the app's publisher is listed under the app's name; this can assist a user in determining whether or not a download is a legitimate offering.
In March 2015, Google announced that all apps submitted to Google Play would be reviewed by humans, in order to decrease the number of malicious applications on the store.