Hackers are attacking Minecraft to push malware once again

Modders are being targeted with infostealers

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Hackers were seen, once again, usingMinecraftto distribute infostealers among the gaming community, capable of hijacking cryptocurrency transactions, stealing Discord authentication tokens, as well as cookies and login data saved in browsers.

According to cybersecurity researchers at Bitdefender, unknown hackers managed to compromise several developer accounts on CurseForge and Bukkit. These are modding communities where Minecraft fans meet to build and share various mods and plugins for the popular sandbox game.

The mods and plugins found on those accounts were then infected with the abovementioned infostealing malware. Given that they were subsequently added to different modpacks, their downloads are being counted in the millions, the researchers are saying.

Active development

Active development

The analysts claim that the earliest signs of the malware were detected in April 24, 2023. This version lacked many of the features it now has, suggesting that the attackers are actively developing the malware.

At the moment, the attackers are targeting mostly Linux and Windows endpoints, with the majority of victims being located in the United States. The researchers are also saying that the infostealer has a unique feature that targets modders and developers, exclusively.

This Android malware is so dangerous, even Google is worried>These malicious Android apps have been downloaded over a million times>Check out the best firewalls around

In the later stages of infection, the malware will go for Windows Sandbox instances, which the mods usually use for testing. It will try to constantly infect the clipboard, in an attempt to infect the host.

“This behavior is isolated to Windows Sandbox, as it is the only virtualization environment that allows alteration of the host clipboard contents when the virtual machine is running in the background,” the researchers said.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

So far, “dozens” of mods and plugins were found to be compromised with this malware, the report concludes. The full list of the affected plugins can be found onthis link.

Minecraft is an immensely popular sandbox game, with currently more than 140 million active players.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Dangerous Android banking malware looks to trick victims with fake money transfers

Sophos Firewall hack on government network used an all-new custom malware

Beaming content to your Apple TV is about to get a whole lot better thanks to macOS Sequoia’s AirPlay upgrade