‘Minecraft Mods Attack’ target: Android Devices

According to researchers, fake Minecraft Modpacks are present on Google Play that delivers millions of abusive ads and makes normal phone use impossible. Scammers are taking advantage by developing Google Play apps which appear to be Minecraft modpacks but instead deliver abusive ads.


Minecraft is a problem-solving game aimed at kids and teens where players create their own worlds. Its original version, called Java Edition, was first released by Mojang Studios in 2009. 

The skills players build playing Minecraft have been touted by parents and educators as beneficial for kids, which has likely contributed to the game’s success. 


Because Minecraft was designed in Java, it was easy for third-party developers to create compatible applications or “modpacks” to enhance and customize the gaming experience for players.



According to Gamepedia, there are more than 15,000 modpacks for Minecraft available. Among those at least 20 were identified as malicious.

Although most of the Google Play has been removed approx 5 apps are still up and available. The malicious titles are:

  • Zone Modding Minecraft
  • Textures for Minecraft ACPE
  • Seeded for Minecraft ACPE
  • Mods for Minecraft ACPE
  • Darcy Minecraft Mod






The installation activity of these 20 malicious mods is so high. As the most popular had more than 1 million installs while the least popular was downloaded 500 times.


What is happening?

Once the modpack malware is installed on the Android device, it only allows itself to be opened once, according to Kaspersky. And once opened, the app is glitchy and useless — exactly how it’s intended to work. Because the ‘modpack’ seemed glitchy from the start, most users, especially kids and teens, won’t waste time looking for it.

The frustrated user closes the app, which promptly vanishes. Although its icon disappears from the smart phone’s menu, the app still runs in the background, working overtime to deliver ads.

These malicious apps can automatically open a browser window with ads every two minutes. In addition to the browser, the apps can open Google Play and Facebook or play YouTube videos, depending on the [command-and-control] server’s orders. 

Whatever the case, the constant stream of full-screen ads makes the phone practically unusable.


How to Get Rid of Mod Malware

Researchers said users can reinstall the browser or mess with the settings but that won’t get rid of the malware either. First, the user needs to identify the malicious app. The device will display a full list of apps under settings, (Settings → Apps and notifications → Show all apps). Delete the app from this list and the malware should be gone.

By taking these steps the misbehaving modpacks get removed entirely with deletion and do not try to restore themselves.


Signs of Malicious Apps

Avoiding malicious apps can be easier if parents and kids know where to look exactly. Two of the malicious modpacks may have different publishers, but the descriptions are identical.

We can also take advantage of the app ratings. It offers a clue that something is fishy. Kaspersky pointed out that the average rating was in the three-star neighbourhood, but that’s because there were extreme reviews on either end of the spectrum, one-star or five-stars.

The cybercriminals are targeting kids and teenagers, who may not pay attention to ratings and reviews before installing an app.

Popular kids games have been attracting the attention of scammers in general over the past few months.




  • Users are advised to check the application rating before download it.
  • It is highly recommended to delete applications seriously by the right process. (Settings → Apps and notifications → Show all apps). Do not just delete by clicking the application.
  • Check the application’s piracy. Make sure it is an actual and original app.
  • Always close the app completely not only press the home key of smart phones.
  • Do not give unnecessary permissions to the app.