A group of 38 Minecraft-like games available on Google Play have been found to contain the Android adware ‘HiddenAds,’ which discreetly loads ads in the background to generate revenue for its operators.
Minecraft, a popular sandbox game with a monthly active player base of 140 million, has inspired various game publishers to create similar games.
These adware-infected Minecraft clones were downloaded by approximately 35 million Android users worldwide, primarily from the United States, Canada, South Korea, and Brazil. Users were unaware of the malicious adware activity occurring in the background, as the games appeared to function as promised. Any signs of overheating, increased network data, or battery consumption caused by excessive ad loading may have been attributed to the game itself.
The adware set was discovered by McAfee’s Mobile Research Team, a member of the App Defense Alliance formed to protect Google Play from all types of threats.
Upon reporting, all the apps were promptly removed from the store. The most popular apps from this malicious set, which have now been removed, included:
- Block Box Master Diamond – 10 million downloads
- Craft Sword Mini Fun – 5 million downloads
- Block Box Skyland Sword – 5 million downloads
- Craft Monster Crazy Sword – 5 million downloads
- Block Pro Forrest Diamond – 1 million downloads
- Block Game Skyland Forrest – 1 million downloads
- Block Rainbow Sword Dragon – 1 million downloads
- Craft Rainbow Mini Builder – 1 million downloads
- Block Forrest Tree Crazy – 1 million downloads
The advertisements are loaded silently in the background once the user launches the game, without any visible display on the game screen.
Network traffic analysis has revealed questionable packets exchanged by ad libraries associated with Google, AppLovin, Unity, Supersonic, and others. McAfee’s report indicates that several of the apps exhibit similar network structures, using “3.txt” as the path in the form of “https://(random).netlify.app/3.txt,” although the domains differ for each app. This suggests a possible connection between the games and potentially indicates a shared authorship. However, McAfee does not explicitly confirm any definitive links.
While adware apps may not pose significant risks to users, they can hamper device performance, raise privacy concerns, and potentially create security vulnerabilities that may expose users to more severe infections. Android users are advised to review McAfee’s report for a comprehensive list of affected apps and manually remove them if they have not already been eradicated.