Minecraft鈥檚 nasty new attackers.
SOPA Images/LightRocket via Getty Images
Minecraft players are under attack 鈥 but not in the usual way. A new report warns players are at risk with some real-world consequences if they鈥檙e caught out. This is one of the most popular games in the world 鈥 the threat is serious.
鈥淲ith approximately 65% of Minecraft鈥檚 player base under the age of 21,鈥 Check Point says, 鈥渢he platform presents an attractive target for cyber criminals looking to exploit a large, engaged, and often less-protected audience.鈥
That last point is critical. Minecraft is hugely popular amongst kids, which is one of the least cyber aware groups around. Casual downloads from a wide array of websites haunts parents the world over. And attackers know this all too well.
ForbesDo Not Install These Apps On Your iPhone Or Android PhoneBy Zak Doffman
BBC News says 鈥渢he game seems able absorb the attention of children for up to hours at a time 鈥 no mean feat in our distraction-filled age. Some parents fear their children鈥檚 interest in Minecraft can border on obsession, or even addiction, as they struggle to tear them away from the computer screen.鈥
Play Puzzles & Games on Forbes
FEATURED | Frase ByForbes鈩
Unscramble The Anagram To Reveal The Phrase
Pinpoint By Linkedin
Guess The Category
Queens By Linkedin
Crown Each Region
Crossclimb By Linkedin
Unlock A Trivia Ladder
Set against the backdrop of the game, the movie and even the Happy Meal, Check Point now warns it has 鈥渦ncovered a multistage malware campaign in which the malware itself was embedded within fake Minecraft mods, shared on GitHub to specifically target active players.鈥 And that includes all those young players.
The attack is built around 鈥渁 Java downloader, a second-stage stealer, and a final advanced stealer that harvests passwords, crypto wallets, and other sensitive data.鈥 And while many of the players may not have much in the way of crypto and high-value passwords themselves, often the shared devices they鈥檙e using will do.
Check Point says more than a million Minecraft players 鈥渁ctively mod Minecraft.鈥 It has become part of the landscape, opening the door to random installs and downloads. 鈥淧art of its appeal comes from the ability to customize and enhance the game through mods, user-created tools that improve gameplay, fix bugs, and add new content.鈥
Check Point says this is 鈥渓ikely鈥 Russian villainy at work. 鈥淩ussian-language comments and behavior aligned with the UTC+3 time zone suggest the malware was developed by a Russian-speaking attacker.鈥
Check Point detected a campaign against players using the Stargazers Ghost Network, which it says 鈥渙perates under a distribution-as-a-service (DaaS) model, leveraging multiple GitHub accounts to spread malicious links and malware at scale.鈥
Masquerading as cheat tools like Oringo and Taunahi, the files 鈥渓ook legitimate, targeting players seeking new tools and enhancements. In reality, they contain a Java-based downloader, a small piece of malware designed to quietly install additional malicious software on the victim鈥檚 device.鈥
The mod is coded to check whether it鈥檚 operating in a virtual environment 鈥 which might mean a security analyst鈥檚 machine 鈥 to avoid detection. 鈥淚f no virtual environment or analysis tools are detected, it proceeds to the next phase.鈥
This second-stage is the download of a malware payload 鈥渄esigned to steal sensitive information. This is followed by a third and final component: a more advanced spyware tool capable of harvesting credentials from web browsers, cryptocurrency wallets, and applications such as Discord, Steam, and Telegram.鈥
ForbesDo Not Use These Networks On Your Smartphone, Warns GoogleBy Zak Doffman
The malware can even capture screenshots from a user鈥檚 device and transmit this to its handlers. 鈥淪tolen data is discreetly bundled and exfiltrated via Discord, a tactic that allows the activity to blend in with legitimate traffic.鈥
Minecraft is the perfect 鈥減layground for cyber criminals,鈥 given its install base, the ease of pushing out downloads, and the cyber naivety of many users. 鈥淏ecause files often appear harmless and can slip past traditional defenses, any Minecraft player is at risk.鈥
The researchers warn users to do the following:
鈥淥nly download mods from trusted, verified sources.
Be skeptical of tools that promise cheats, hacks, or automation features.
Keep your antivirus and system software up to date.
If something seems too good to be true, it probably is.鈥
Editorial StandardsReprints & Permissions