A total of 38 Minecraft copycat games available on Google Play were found to contain the HiddenAds adware, which stealthily loads ads in the background to generate revenue for its operators. The malicious games were downloaded by roughly 35 million Android users worldwide, who did not notice the adware activity conducted in the background while they played the game.
The adware set was discovered by McAfee’s Mobile Research Team, which subsequently reported and removed all affected apps from the store. The most popular of the adware-ridden games was Block Box Master Diamond, with 10 million downloads.
The ads were loaded in the background once the user launched the game, but nothing was displayed on the game screen. Network traffic analysis showed the exchange of several questionable packets generated by ad libraries of Google, AppLovin, Unity, and Supersonic, among others. The initial network packets on several of the apps shared similar structures, using “3.txt” as the path in the form of “https://(random).netlify.app/3.txt,” although the domains in each app were different.
This suggests a possible connection between the apps, making it likely that the same author created them.
While adware apps are not particularly dangerous for users, they can reduce the performance of a mobile device, raise privacy concerns, and even potentially create security loopholes that might expose users to nastier infections. Android users should check McAfee’s report for a complete list of affected apps and manually remove them if they have not been removed already.
Mainly users from the United States, Canada, South Korea, and Brazil were affected by these adware-ridden games, with 140 million monthly active players of the original Minecraft game.
