This article details a large-scale malware campaign targeting Minecraft players through malicious mods and cheats, resulting in the theft of credentials, tokens, and cryptocurrency wallets. The campaign, conducted by the Stargazers Ghost Network, exploits the Minecraft modding ecosystem and platforms like GitHub to distribute infostealers. #StargazersGhost #MinecraftMalware
Key points
- The campaign uses fake GitHub repositories disguised as popular Minecraft mods and cheats to infect devices.
- The infection chain is staged: the fake mod acts as a first-stage loader that fetches further stages from Pastebin and then runs Java- and .NET-based stealer payloads.
- The infostealers target a wide range of data, including account tokens, browser credentials, cryptocurrency wallets, and VPN info.
- The operators are believed to be Russian, based on Russian-language code comments and the commit timestamps in the repositories.
- Users are advised to download mods only from trusted sources and, before installing anything from GitHub, to check that a repository's stars, forks and commit history look genuine rather than inflated, since the Stargazers Ghost Network boosts its repositories with fake accounts.
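Because the chain above relies on a Java mod that hard-codes a Pastebin URL to fetch its next stage, a cheap pre-install triage is to scan the mod .jar for such strings before Minecraft ever loads it. The script below is an added example written for this page, not code from the report or from any project it describes: it opens a .jar as a zip, checks for a Forge/NeoForge/Fabric mod descriptor, and greps every entry for indicator patterns (the indicator names, the pattern set and the two sample jars are my own constructions; the sample jars are built in memory so the script runs offline).

```python
from __future__ import annotations

import io
import re
import zipfile

# Descriptor files a normal Forge/NeoForge/Fabric mod ships with.
MOD_METADATA = {
    "META-INF/mods.toml",           # Forge
    "META-INF/neoforge.mods.toml",  # NeoForge
    "fabric.mod.json",              # Fabric
    "mcmod.info",                   # legacy Forge
}

# Byte patterns to flag. Class files store string constants as plain
# (modified UTF-8) bytes, so a regex over the raw entry finds them as long as
# they are not obfuscated. Indicator names and the pattern set are assumptions
# for this example, not the report's detection logic.
INDICATORS = {
    "paste_site_url": re.compile(rb"https?://(?:www\.)?pastebin\.com/[A-Za-z0-9/]+"),
    "network_fetch": re.compile(rb"java/net/URL|HttpURLConnection|java/net/http/HttpClient"),
    "process_exec": re.compile(rb"java/lang/Runtime|java/lang/ProcessBuilder"),
    "stealer_targets": re.compile(rb"launcher_accounts\.json|Login Data|wallet\.dat|leveldb"),
}


def scan_mod_jar(jar_bytes: bytes) -> dict:
    """Scan a .jar (zip) and return which indicators each entry matched."""
    report = {"has_mod_metadata": False, "hits": {}}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for info in zf.infolist():
            if info.filename in MOD_METADATA:
                report["has_mod_metadata"] = True
            if info.is_dir():
                continue
            data = zf.read(info)
            hits = {}
            for name, pattern in INDICATORS.items():
                found = sorted({m.decode("latin-1") for m in pattern.findall(data)})
                if found:
                    hits[name] = found
            if hits:
                report["hits"][info.filename] = hits
    return report


def verdict(report: dict) -> list[str]:
    """Turn a scan report into reasons to refuse the mod (empty list = no findings)."""
    reasons = []
    if not report["has_mod_metadata"]:
        reasons.append("no mod descriptor: not a normal Forge/NeoForge/Fabric mod")
    seen = set()
    for hits in report["hits"].values():
        seen.update(hits)
    if "paste_site_url" in seen:
        reasons.append("hard-coded paste-site URL (second-stage download)")
    if "network_fetch" in seen and "process_exec" in seen:
        reasons.append("fetches from the network and spawns processes (downloader behaviour)")
    if "stealer_targets" in seen:
        reasons.append("references credential/wallet/token storage paths")
    return reasons


def build_sample_jar(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory jar from {path: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples. The class bodies are not real bytecode: only the magic
# header and the string constants matter for a string-level scan.
CLASS_HEADER = b"\xca\xfe\xba\xbe\x00\x00\x00\x34"  # magic + class version 52 (Java 8)

BENIGN_JAR = build_sample_jar({
    "META-INF/mods.toml": b'modLoader="javafml"\n[[mods]]\nmodId="examplemod"\n',
    "com/example/ExampleMod.class": CLASS_HEADER
    + b"\x01\x00\x10java/lang/Object"
    + b"\x01\x00\x1enet/minecraft/client/Minecraft",
})

SUSPICIOUS_JAR = build_sample_jar({
    "com/example/Loader.class": CLASS_HEADER
    + b"\x01\x00\x20https://pastebin.com/raw/EXAMPLE"  # placeholder paste URL
    + b"\x01\x00\x0cjava/net/URL"
    + b"\x01\x00\x11java/lang/Runtime"
    + b"\x01\x00\x16launcher_accounts.json",
})

if __name__ == "__main__":
    for label, jar in (("benign", BENIGN_JAR), ("suspicious", SUSPICIOUS_JAR)):
        rep = scan_mod_jar(jar)
        print(label, rep["hits"], verdict(rep) or ["no findings"])
```

This is triage, not a verdict: a loader that encrypts or builds its URL at runtime will show nothing at string level, and a clean scan says only that the mod is not the crude case. Run it on the downloaded .jar, and refuse anything that lacks a mod descriptor or carries a paste-site URL, regardless of how many stars the repository shows.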