A rogue version of Minecraft: Pocket Edition for Android comes complete with malware that is costing gamers money every time they play.
It’s a simple trick: The fake version of the game is selling for just 2.50 Euro, which is less than half the price of the real game (5.49 Euro). Bargain-minded gamers are picking up the cheaper version – which still works – and wondering why their bills are suddenly so high.
Once downloaded and installed, the trojan hidden inside the game hooks into the phone’s SMS messaging services, and promptly sends premium-rate messages to Russian telephone numbers. The scammers own the premium numbers and get paid per message, so the money starts rolling in almost instantly – in some cases, the message even contains code to donate more money, using a system similar to that employed by the Red Cross for emergencies.
As if that wasn’t enough, the malware also hooks into the MSM messaging service system, sending more unintended messages from the phone and even signing users up for services (often expensive) that the phone owner has not approved.
Minecraft developer Mojang anticipated something like this happening, and put code into the game to prevent access to the SMS service in the Android version of the game. The game checks the signature used in development – if it’s not from the correct developer, the SMS function will not run. It seems that these particular ill-meaning types were one step ahead, second-guessing this failsafe.