- Check Point Research finds hundreds of malicious repositories on GitHub
- These pose as various mods or cheats for Minecraft
- The infostealers grab Minecraft data, as well as browser and cryptocurrency wallet information
Minecraft players are being actively attacked by a group of cybercriminals interested in their login credentials, authentication tokens and cryptocurrency wallet information, experts have warned.
Cybersecurity researchers at Check Point Research recently discovered the large-scale operation, run by a group called Stargazers Ghost Network, a distribution-as-a-service (DaaS) operation active for a year, distributing malware and infostealers on behalf of other cybercriminals.
In this campaign, the crooks abused the fact that Minecraft is one of the largest games in the world, with an active and thriving community of players and modders. Minecraft mods are player-built additions to the game and, according to the researchers, there are more than one million modders out there.
Hundreds of repositories
The attackers created malicious GitHub repositories, impersonating legitimate mods and posing as cheats: Skyblock Extras, Polar Client, FunnyMap, Oringo and Taunahi are just some of the names making the rounds.
Check Point says that these have had thousands of views on Pastebin, suggesting that the campaign is quite successful.
To make things worse, since these are custom-built to target Minecraft users, and since both the downloader and the malware are written in Java, they currently go undetected by all antivirus engines.
“We have identified approximately 500 GitHub repositories, including those that are forked or copied, which were part of this operation aimed at Minecraft players,” one of the researchers told BleepingComputer.
“We have also seen 700 stars produced by approximately 70 accounts.” The stars are used to increase the legitimacy of the repositories, thus improving the chances of infection.
The attack is divided into two phases. The first phase targets Minecraft account tokens and user data from both the Minecraft launcher and some third-party launchers. It also steals information from Discord and Telegram.
The second stage deploys a more “traditional” infostealer, “44 Caliber”, which steals browser data, VPN information, cryptocurrency wallet data and more.