Date: 2023-04-27



By Dexter Shin

Minecraft is a popular video game that can be played on desktop or mobile. It is a sandbox game developed by Mojang Studios. Players create and break apart different types of blocks in a three-dimensional world, choosing either Survivor Mode to survive in the wild or Creative Mode to focus on creativity.

The popularity of Minecraft has led to numerous attempts to recreate similar games, so there are many games around the world built on the same concept. Such games are easy to find on Google Play. McAfee's Mobile Research Team recently found 38 games with hidden ads. Found on the Google Play Store and installed by at least 35 million users worldwide, these HiddenAds applications covertly send packets to generate advertising revenue.

As a member of the App Defense Alliance, McAfee is focused on protecting users by preventing threats from reaching their devices and improving app quality across the ecosystem. We reported the discovered apps to Google, which took quick action, and the apps are no longer available on Google Play. Android users are protected by Google Play Protect, which can alert users to malicious apps identified on their Android devices. McAfee Mobile Security detects this threat as Android/HiddenAds.BJL. For detailed and complete protection, visit McAfee Mobile Security.

How is it distributed to users?

The apps were officially uploaded to Google Play under various titles and package names. Many of the games have already been downloaded by users, including apps that have been downloaded over 10 million times.

Figure 1. One of the apps with over 10 million downloads

Because the game is actually playable, users do not notice that their device is generating a large number of advertising packets.

Figure 2. Playable game screen

What does it do?

Once the game is running, the user can play in a block-based world just like any Minecraft-type game, without any problem. In the background, however, the device continuously generates advertising packets to various domains. For example, the four packets shown in the figure are suspicious packets generated by ad libraries from Unity, Supersonic, Google, and AppLovin. Yet nothing is displayed on the game screen.

Figure 3. Continuous advertising packets

Even more interesting are the initial network packets of these games. The structure of the initial packet is very similar across apps: the domains are all different, but every one of them uses 3.txt as the path. So, typically, a packet of the form https://(random).netlify.app/3.txt occurs first. Below is an example of the first packet extracted from three different apps.

Figure 4. Initial packet format similarity
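The initial-packet similarity described above can be turned into a simple hunt over per-app proxy logs. The sketch below is an added example, not McAfee's code: the log format, package names and ad hosts are constructed, and it assumes "(random)" is a single subdomain label.

```python
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

NETLIFY_SUFFIX = ".netlify.app"   # hosting domain named in the article
BEACON_PATH = "/3.txt"            # path shared by the samples in the article

def is_initial_beacon(url):
    """True only for https://<single-label>.netlify.app/3.txt."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or not host.endswith(NETLIFY_SUFFIX):
        return False
    label = host[: -len(NETLIFY_SUFFIX)]
    return bool(label) and "." not in label and parts.path == BEACON_PATH

def find_suspect_apps(log_lines):
    """Map package -> (beacon URL, hosts contacted afterwards) for apps
    whose earliest logged request matches the beacon pattern."""
    per_app = defaultdict(list)
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        ts, package, url = fields
        per_app[package].append((datetime.fromisoformat(ts), url))
    suspects = {}
    for package, requests in per_app.items():
        requests.sort(key=lambda r: r[0])  # logs may arrive out of order
        first_url = requests[0][1]
        if is_initial_beacon(first_url):
            later = {urlsplit(u).hostname or "" for _, u in requests[1:]}
            suspects[package] = (first_url, sorted(later))
    return suspects

# Constructed sample log: "<timestamp> <package> <url>"; all names are made up.
SAMPLE_LOG = [
    "2023-04-01T10:00:05 com.example.blockgame https://ads-a.example.net/v1/impression",
    "2023-04-01T10:00:01 com.example.blockgame https://abc123.netlify.app/3.txt",
    "2023-04-01T10:00:09 com.example.blockgame https://ads-b.example.org/track",
    "2023-04-01T10:01:00 com.example.notes https://docs-site.netlify.app/index.html",
    "2023-04-01T10:02:00 com.example.lookalike https://x.netlify.app.example.com/3.txt",
]

if __name__ == "__main__":
    for pkg, (beacon, hosts) in find_suspect_apps(SAMPLE_LOG).items():
        print(pkg, beacon, hosts)
```

A match is only a lead for triage: netlify.app hosts many legitimate sites, so the flagged package still needs to be checked for background ad traffic that never appears on screen.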

Affected users worldwide

This threat has been detected in various countries around the world. According to telemetry, this threat is most prominently detected in the United States, Canada, South Korea, and Brazil.

Figure 5. Widely affected users worldwide

As highlighted in the McAfee 2023 Consumer Mobile Threat Report, games are among the most accessible content for young people using mobile devices. Malware authors are aware of this and try to hide malicious functionality within games. Not only are these hidden features hard for ordinary users to find, but users also readily trust games from official stores like Google Play.

Before downloading any application from the store, we recommend that you thoroughly check the user reviews first. Users should also install security software on their devices and keep it up to date at all times.

