A fake version of Android app "Minecraft - Pocket Edition" is found to be hosted on third-party marketplaces which contains a malware code.
These kind of fake and malicious version of apps are usually available for free. However, cyber criminals made some exception for this app which is being sold for half of the actual price of the original app.
PC Magazine reports that F-Secure researchers have discovered a trojanized version of the Minecraft PE asking users to pay 2.50 Euros- the original app costs5.49 Euros.
The cyber criminals didn't stop by just scamming with fake version, they also added malicious code. It will send SMS to premium rated phone numbers and sign up victims to expensive services.
Researchers have noticed that this malicious app is using a hacking tool called "Smalihook" to bypass "an authentication routine that causes it to fail to run if it does a certificate verification check and doesn't find the correct certificate".
The good news is that it is only hosted in some third-party app stores but not in the official Google Play store. This is one more example why you should never trust third party app stores, always download apps from Google Play.