Minecraft players watch out - these fake mods are hiding password-stealing malware


  • Check Point Research finds hundreds of malicious GitHub repositories
  • These impersonate different mods or cheats for Minecraft
  • The infostealers grab Minecraft data, as well as browser and crypto wallet information

Minecraft players are being actively targeted by a group of cybercriminals interested in their login credentials, authentication tokens, and crypto wallet information, experts have warned.

Cybersecurity researchers at Check Point Research recently discovered the large-scale operation, run by a group called the Stargazers Ghost Network, a distribution-as-a-service (DaaS) operation that has been active for a year now and distributes malware and infostealers on behalf of other cybercriminals.

In this campaign, the crooks abused the fact that Minecraft is one of the largest games in the world, with an active, thriving community of players and modders. Minecraft mods are player-built additions to the game and, according to the researchers, there are more than a million modders out there.

Hundreds of repos

The attackers created malicious GitHub repositories that spoof legitimate mods and pretend to be cheats. Skyblock Extras, Polar Client, FunnyMap, Oringo, and Taunahi are just some of the names making the rounds.

Check Point says these have had thousands of views on Pastebin, suggesting that the campaign is rather successful.

To make matters worse, since these are custom-built to target Minecraft users, and since both the downloader and the malware are written in Java, they are currently going undetected by all antivirus engines.

"We have identified approximately 500 GitHub repositories, including those that are forked or copied, which were part of this operation aimed at Minecraft players," one of the researchers told BleepingComputer.

"We've also seen 700 stars produced by approximately 70 accounts." Stars are used to boost the legitimacy of the repositories, thus improving the chances of infection.

The attack is split into two phases. The first phase targets Minecraft account tokens and user data from both the Minecraft launcher and some third-party launchers. It also steals Discord and Telegram information.

The second stage deploys a more “traditional” infostealer called “44 Caliber”, which steals browser data, VPN information, crypto wallet data, and more.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.