More than 55 million men, women, and children play Minecraft in an average month. Many of those players enjoy using “mods,” third party tools that further customize the game, to tweak things to their liking.

Children play the Minecraft video game at a Microsoft Store. Photographer: David Ryder/Bloomberg

Different mods can change Minecraft in all kinds of ways. Often it’s as simple as altering a player’s in-game appearance (a process known as “skinning”). When you’ve got 55 million people playing a game where they can build a unique digital world, it’s to be expected that they’ll want to put a personal stamp on their avatars.

It’s an opportunity that cybercriminals seized upon recently, according to security researchers with Symantec. Software quality assurance engineer Shaun Aimoto reported on the company blog that a handful of mods for Minecraft: Pocket Edition were hijacking player’s smartphones and tablets and using them to power a ad fraud botnet.

According to Aimoto, the malicious apps were distributed via the Google Play store and advertised as character “skins.” Based on the numbers shown in the apps’ descriptions, Symantec believes that somewhere between 600,000 and 2.5 million (primarily U.S.-based) Minecraft players installed the shady apps.

While the primary purpose of the mobile malware is to generate fraudulent ad revenue for its criminal creator, it could evolve into something even more dangerous. Because it’s now running on a large number of devices and has access to network connections, the malware could potentially be used to launch crippling DDoS attacks.

Gamers are often targeted by cybercriminals because some of them engage in incredibly risky online behaviors. Some seek out tools for removing copy protection from games or generating free in-game currency. Hackers respond by leaving booby-trapped versions of games on filesharing sites and torrent trackers.

Other gamers — like the ones victimized by the malware Symantec found — find themselves in the crosshairs simply because cybercriminals know just how popular mods and skins are. And they also know that many of the gamers looking for such tools are young enough to not understand that someone lurking in the shadowy corners of the internet wants to prey on their fondness for a popular video game.

The answer, Symantec says: keep a good malware scanner installed on your devices, make sure it’s up to date, and always check the permissions a new app requests before you install it. A simple Minecraft skinning app, for example, should never need to access your location data like this one did.

Millions Of Mobile Minecraft Players Tricked Into Installing Malware