The underground Android application market is booming. More and more pirated games are available for direct download on the net. One such game, the cloned Minecraft PE, is causing extensive damage all across the globe. Users of the Trojanized version are advised to uninstall the game immediately.
The temptation is irresistible for any hardcore gamer. When costly games are available at a discount or even for free, downloading via the black-market becomes a no-brainer for many. But what is often forgotten is that mobile security is seriously compromised.
The aforementioned Trojanized version of Minecraft PE, which is still available in various Russian pirate app stores, is a huge security risk. Available for 2.50 Euros, this cloned version infiltrates the system and exploits the victims’ cell phones.
Minecraft Pocket Edition (PE) is basically the mobile version of the classic Minecraft game. Released in late 2011, the game has become a huge fan favorite on the Android platform. It currently costs $ 6.99 on the official Google Play Store and boasts a download count of over a million. But this also means more clones and rip-offs are on the black markets.
As mentioned above, the underground community is lured into buying the pirate game with the attractive price tag, which is less than half of what is demanded on the official Play Store. The unfortunate buyers do get to play the real game and enjoy the experience, but what they don’t know is that their devices get contaminated with vicious malware.
Besides the instant pay they receive, the malware owners also get access to the exploited phones. An extra permission, android.permission.SEND_SMS, is squeezed into the installation process. This allows the hackers to send out text messages from the hacked phones and sign up for costly services and subscriptions without the victim’s knowledge.
The security steps to be taken are obvious and known to many, but often overlooked. Make sure you use only authorized applications from the Play Store and be aware of the permissions asked during the installation process. Android’s open-platform characteristics are not security friendly and users must always be careful with the apps they install.
Source – Mobile Threat
Sign up today & never miss an update from the Checkmarx blog
Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.
Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.