A version of Minecraft - Pocket Edition that costs half as much as the original and comes embedded with a Trojan virus is being circulated through third-party app stores, reports F-Secure.
The app is currently making the rounds on Russian app stores, according to F-Secure, and is being sold for €2.50 — whereas the real Minecraft for Android costs €5.49.
The malicious app includes the full game plus one additional permission that grants the app access to utilize users' phones to send text messages. These messages are sent to "premium rate numbers" in Russia and could do a number of things, such as sign users up for service subscriptions to adding more charges to users' phone bills.
F-Secure reports that Minecraft developers Mojang included some security measures in Pocket Edition, including a failsafe that won't run the app unless it detects Mojang's sign-in signature in its code.
"The original Minecraft includes a check inside the dex code that verifies the signature that has been used to sign the APK," F-Secure explains. "If it's not [Mojang's], the code refuses to run." But the creator of the Trojan attached to the fake Minecraft includes a tool that tricks this failsafe and allows it to run.
Users should beware this cheaper app and enable default restriction for installation of third-party applications on mobile devices.