- Check Point Research finds hundreds of malicious GitHub repositories
- These mimic various mods or cheats for Minecraft
- The infostealers grab Minecraft data as well as browser and crypto wallet information
Minecraft players are being actively targeted by a group of cybercriminals interested in their login credentials, authentication tokens and crypto wallet information, experts have warned.
Cybersecurity researchers at Check Point Research recently discovered a large operation run by a group called Stargazers Ghost Network, a distribution-as-a-service (DaaS) operation that has been active for a year now, distributing malware and infostealers on behalf of other cybercriminals.
In this campaign, the crooks abused the fact that Minecraft is one of the biggest games in the world, with an active, thriving community of players and modders. Minecraft mods are player-built additions to the game, and according to the researchers, there are more than a million modders out there.
Hundreds of repos
The attackers created malicious GitHub repositories that impersonate legitimate mods and pose as cheats: Skyblock Extras, Polar Client, FunnyMap, Oringo and Taunahi are just some of the names making the rounds.
Check Point says these have had thousands of views on Pastebin, suggesting that the campaign is fairly successful.
To make things worse, because this is custom-built to target Minecraft users, and because both the downloader and the malware are written in Java, they are currently undetected by all antivirus engines.
“We have identified about 500 GitHub repositories, including those that are forked or copied, which were part of this operation aimed at Minecraft players,” one of the researchers told BleepingComputer.
“We’ve also seen 700 stars produced by about 70 accounts.” Stars are used to increase the apparent legitimacy of the repositories, which improves the chances of infection.
The attack is divided into two stages. The first stage targets the Minecraft account and user data from both the Minecraft launcher and some third-party launchers. It also steals Discord and Telegram information.
The second stage deploys a more “traditional” infostealer called “44 Caliber” that steals browser data, VPN information, crypto wallet data and more.



