Incident: Fake Minecraft Apps Scam Users via Google Play Store.

Published Date: 2015-05-26

Postmortem Analysis
Timeline
1. The software failure incident involving fake Minecraft apps that scammed users into paying for bogus services happened in August 2014 as mentioned in Article 36250.

System
1. Google Play Store's app screening process [36250]
2. Android operating system's security measures [36250]

Responsible Organization
1. Con artists who created fake apps posing as add-ons for the Android version of Minecraft [36250]
2. Developers who uploaded the fake apps to the Google Play Store [36250]

Impacted Organization
1. Millions of people who downloaded fake apps posing as add-ons for the Android version of Minecraft were impacted by the software failure incident [36250].

Software Causes
1. The software failure incident was caused by the presence of fake apps masquerading as add-ons for the Android version of Minecraft, which were downloaded by millions of users, leading to hijacking of phones and tricking users into subscribing to a bogus antivirus service [36250].
2. The fake apps displayed banners suggesting a handset was infected with a virus, creating a scareware tactic to prompt users to sign up and pay for a fix, which was actually a premium-rate text message subscription service [36250].
3. The scam apps took control of users' phones, sent convincing-looking text messages, and displayed fake virus messages that appeared to be generated by the Android operating system, further deceiving users into believing their devices were infected [36250].
4. The incident involved a total of 33 fake 'cheat' apps that were found on the Google Play Store, indicating a systematic issue with the presence of multiple malicious apps slipping through Google's app scanning process [36250].

Non-software Causes
1. The failure incident was caused by con artists creating fake apps that appeared to be add-ons for the Android version of Minecraft, tricking users into downloading them and subscribing to a bogus premium text message service [36250].
2. The incident involved criminals hijacking phones and sending convincing-looking text messages to scare users into signing up and paying for a fix, leading to financial exploitation [36250].
3. The fake apps displayed banners suggesting that the user's device was infected with a virus, creating a sense of urgency and fear to manipulate users into taking action [36250].
4. The incident targeted children who play Minecraft, potentially making them more vulnerable to falling prey to the scam [36250].

Impacts
1. Millions of people downloaded fake apps that appeared to be add-ons for Minecraft on the Google Play Store, leading to potential financial scams where users were tricked into subscribing to a €4.80 weekly service masquerading as antivirus software [36250].
2. The fake apps displayed banners suggesting that the user's device was infected with a virus, creating a sense of urgency and fear among users to sign up and pay for a fix, ultimately leading to financial losses [36250].
3. The scam apps targeted children who play Minecraft, potentially putting them at risk of falling prey to the bogus services [36250].
4. The incident highlighted the importance of caution when downloading apps from unofficial sources and the need to keep antivirus software up to date to prevent falling victim to such scams [36250].

Preventions
1. Implementing stricter app review processes to detect and remove malicious apps before they are published on the Google Play Store could have prevented the incident [36250].
2. Educating users to only download apps from official sources like the Google Play Store and to be cautious of unofficial sources could have helped prevent users from falling victim to the fake apps [36250].
3. Encouraging users to read reviews and consider app permissions before downloading could have raised awareness and prevented users from unknowingly installing malicious apps [36250].
4. Enhancing security measures within the Minecraft platform to protect user credentials and prevent unauthorized access could have mitigated the risk of hackers gaining access to accounts [36250].

Fixes
1. Google removing the offending fake Minecraft apps from the Google Play Store and utilizing tools like Bouncer to scan apps for malicious code [36250].
2. Google planning on introducing human auditors to further enhance app screening processes and reduce the number of bogus apps slipping through the net [36250].
3. Users refraining from downloading apps from unofficial sources and keeping antivirus software up to date, as advised by security expert Lukas Stefanko [36250].

References
1. Security expert Lukas Stefanko [36250]
2. Heise Online [36250]
3. Hot for Security blog [36250]
4. Microsoft spokesperson [36250]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization, multiple_organization a) The software failure incident related to fake Minecraft apps that hijacked phones and tricked users into subscribing to a bogus antivirus service occurred multiple times within the same organization, Microsoft. Security expert Lukas Stefanko identified more than 30 fake apps in the Google Play Store related to Minecraft, collectively downloaded between 600,000 and 2.8 million times [36250]. b) The incident of fake apps scamming users into paying for bogus services has also happened at multiple organizations or with their products and services. A total of 33 fake 'cheat' apps were found since the first was generated in August 2014, indicating a broader trend of such malicious apps targeting users beyond just the Microsoft-owned Minecraft game [36250].
Phase (Design/Operation) design, operation (a) The software failure incident in the articles can be attributed to the design phase. The incident involved fake apps masquerading as add-ons for the Android version of Minecraft, which were downloaded by millions of users. These apps hijacked phones, displayed fake virus messages, and tricked users into subscribing to a premium-rate text message service under the guise of antivirus software. The apps were designed to deceive users by displaying convincing banners and messages, ultimately leading them to pay for bogus services [36250]. (b) The software failure incident can also be linked to the operation phase. Users were misled by the fake apps during the operation of their devices. The apps took control of the phones, sent fake virus messages that appeared genuine, and coerced users into signing up for a premium text message subscription service. This operation phase failure resulted in users being scammed into paying for services they did not need, highlighting the impact of the deceptive operation of the malicious apps [36250].
Boundary (Internal/External) within_system (a) within_system: The software failure incident described in the articles is primarily due to factors originating from within the system. The fake Minecraft apps that were downloaded by millions of users from the Google Play Store appeared to offer ways to cheat in the game but instead hijacked phones and threatened users into subscribing to a bogus antivirus service [36250]. These apps displayed banners suggesting that the user's device was infected with a virus, leading them to sign up and pay for a fix, which was actually a premium-rate text message subscription service. The apps took control of the phones, sent convincing-looking text messages, and tapped into the phone's text message system to deceive users into paying for the fake service. This behavior indicates that the failure was caused by malicious actions within the software itself, designed to deceive and exploit users.
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident in Article 36250 occurred due to non-human actions. Specifically, fake apps that appeared to be add-ons for the Android version of Minecraft were downloaded by millions of people. These apps hijacked phones, displayed fake virus messages, and tricked users into subscribing to a premium-rate text message service masquerading as antivirus software. The apps were designed to deceive users through automated processes and did not require human interaction to carry out the scam [36250]. (b) The software failure incident in Article 36250 did involve human actions in the sense that the fake apps were created and uploaded to the Google Play Store by individuals. However, the failure itself, which involved the apps misleading users and scamming them into paying for bogus services, was primarily driven by the deceptive design and functionality of the apps rather than direct human actions during the scam process [36250].
Dimension (Hardware/Software) software (a) The software failure incident reported in the articles is primarily related to software issues rather than hardware. The incident involved fake apps masquerading as add-ons for the Android version of Minecraft, which hijacked phones and tricked users into subscribing to a bogus antivirus service [36250]. The fake apps displayed banners suggesting a device was infected with a virus, leading users to sign up for a premium-rate text message subscription service. This indicates a failure in the software design and functionality rather than a hardware-related issue. (b) The software failure incident in question is attributed to software issues. The incident involved the distribution of fake apps on the Google Play Store that misled users into paying for bogus services under the guise of antivirus solutions [36250]. These apps exploited users by displaying fake virus messages and encouraging them to subscribe to premium text message services. The incident highlights a failure in the software development and security measures rather than hardware-related problems.
Objective (Malicious/Non-malicious) malicious (a) The software failure incident described in the articles is malicious in nature. Fake apps that appeared to be add-ons for the Android version of Minecraft were downloaded by millions of people, hijacking phones and threatening users into subscribing to a weekly service masquerading as antivirus software [36250]. The fake apps displayed banners suggesting a handset had been infected with a virus to scare users into signing up and paying for a fix. The apps sent convincing-looking text messages that appeared to be from Android, encouraging people to sign up for a premium-rate text message subscription service. This malicious behavior was intentional and aimed at deceiving users for financial gain.
Intent (Poor/Accidental Decisions) poor_decisions (a) The intent of the software failure incident was due to poor_decisions. The incident involved fake apps masquerading as add-ons for the Android version of Minecraft, which were downloaded by millions of users. These apps hijacked phones, displayed fake virus messages, and tricked users into subscribing to a premium-rate text message service under the guise of antivirus software. The apps were designed to scare users into paying for a fix they did not need, indicating a deliberate and malicious intent behind the creation and distribution of these fake apps [36250]. (b) The software failure incident was not due to accidental_decisions but rather a deliberate and deceptive scheme orchestrated by the creators of the fake Minecraft apps to scam users into paying for bogus services under false pretenses.
Capability (Incompetence/Accidental) development_incompetence, unknown (a) The software failure incident related to development incompetence is evident in the case of the fake Minecraft apps that were downloaded by millions of users. These fake apps, disguised as add-ons for the Android version of Minecraft, were designed to deceive users into subscribing to a premium-rate text message service under the guise of antivirus software. The apps displayed fake virus messages and scareware banners to trick users into paying for a fix, exploiting their fear of malware infections. The apps were uploaded to the Google Play Store by different developer accounts but were likely created by one person, indicating a deliberate attempt to deceive users [36250]. (b) The accidental software failure aspect is not explicitly mentioned in the articles provided.
Duration permanent (a) The software failure incident described in the articles is more of a permanent nature. The incident involved fake apps masquerading as add-ons for the Android version of Minecraft, which were downloaded by millions of users. These apps hijacked phones, displayed fake virus messages, and tricked users into subscribing to a premium-rate text message service. The incident was not a one-time occurrence but rather a series of 33 fake apps found since August 2014, indicating a persistent issue [36250]. The incident highlights a significant security threat that persisted over time, affecting a large number of users and potentially leading to financial harm.
Behaviour crash, omission, value, byzantine, other (a) crash: The fake Minecraft apps mentioned in the article caused phones to be hijacked and displayed banners suggesting a handset had been infected with a virus, leading users to believe their devices were compromised. This behavior can be considered a form of a crash as the system lost control and did not perform its intended functions but instead displayed false information to scare users [36250]. (b) omission: The fake Minecraft apps omitted to perform their intended functions of providing cheat codes or add-ons for the game. Instead, they misled users into subscribing to a premium-rate text message service under the guise of antivirus software, which was not the actual functionality users were seeking [36250]. (c) timing: There is no specific mention of a timing-related failure in the articles provided. (d) value: The fake Minecraft apps misrepresented themselves by displaying false virus messages and encouraging users to sign up for a premium-rate text message subscription service, which was not the correct or intended function of the apps. This behavior can be categorized as a value-related failure where the system performed its functions incorrectly by deceiving users [36250]. (e) byzantine: The fake Minecraft apps exhibited a form of deceptive behavior by taking control of users' phones, sending convincing-looking text messages, and displaying banners suggesting virus infections. This inconsistent and misleading behavior can be considered a form of a byzantine failure where the system behaves erroneously with inconsistent responses and interactions [36250]. (f) other: The fake Minecraft apps also engaged in scareware tactics by covering the screen with flashing adverts, displaying fake alerts about device infections, and tapping into the phone's text message system to deceive users into signing up for a bogus premium text message service. This manipulative and deceptive behavior can be considered as another form of failure where the system behaves in a way not described in the options (a to e) [36250].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property (d) property: People's material goods, money, or data was impacted due to the software failure. The software failure incident involving fake Minecraft apps on the Google Play Store led to users being scammed into subscribing to a €4.80 weekly service masquerading as antivirus software. The apps hijacked phones, displayed fake virus messages, and coerced users into signing up for a premium-rate text message subscription service, resulting in financial loss for the affected individuals [36250].
Domain entertainment (a) The software failure incident reported in the articles is related to the entertainment industry, specifically the popular game Minecraft, which is owned by Microsoft. The incident involved fake apps masquerading as add-ons for Minecraft on the Google Play Store, which were downloaded by millions of users, leading to scams and subscription services [36250].
