- Check Point Research finds hundreds of malicious GitHub repositories
- These pretend to be different mods or cheats for Minecraft
- Infostealers grab Minecraft data, as well as browser and crypto wallet information
Minecraft players are actively targeted by a group of cybercriminals interested in their login credentials, authentication tokens and crypto wallet information, experts have warned.
Cybersecurity researchers at Check Point Research recently discovered the large-scale operation, run by a group called Stargazers Ghost Network, a distribution-as-a-service (DaaS) operation that has been active for a year now, distributing malware and infostealers on behalf of other cybercriminals.
In this campaign, the crooks abused the fact that Minecraft is one of the largest games in the world, with an active and thriving community of players and modders. Minecraft mods are player-made additions to the game and, according to the researchers, there are more than a million modders.
Hundreds of repos
The attackers created malicious GitHub repositories that impersonate legitimate mods and pose as cheats: Skyblock Extras, Polar Client, FunnyMap, Oringo and Taunahi are only a few of the names.
Check Point says that they have had thousands of views on Pastebin, which suggests that the campaign is rather successful.
To make things worse, because these are tailor-made to target Minecraft users, and as the downloader and malware are written in Java, they are currently not detected by all antivirus engines.
“We have identified around 500 GitHub repositories, including those that are forked or copied, which were part of this operation aimed at Minecraft players,” one of the researchers told BleepingComputer.
“We have also seen 700 stars produced by around 70 accounts.” The stars are used to boost the apparent legitimacy of the repositories, thus improving the chances of infection.
The attack is divided into two phases. The first phase targets Minecraft account tokens and user data from the Minecraft launcher and a few third-party launchers. It also steals Discord and Telegram data.
The second phase deploys a more “traditional” infostealer called “44 Caliber”, which steals browser data, VPN information, crypto wallet data, etc.