
Minecraft users targeted by criminals posing as game coders
Minecraft users are being targeted by criminals posing as game coders online.
Analysts tracked two pieces of malware spread by what appears to be Russian gangs on the code-sharing site GitHub, according to cybersecurity firm Check Point.
Its researchers said: "The malware is developed by a Russian-speaking threat actor and contains several artefacts written in the Russian language."
Thousands of Minecraft users have already been tricked into using the malware, which is designed to steal from bank accounts, cryptocurrency wallets, browsers and other computer applications.
Graeme Stewart, head of public sector at Check Point, said it was similar to the way "gangs operate to take down retail... they create this and then they flood it out to people and people then use it".
He described them as "modern-day bank heist guys".
"They're just in it for the money," he said. "They're scraping these details from Minecraft to get into people's crypto wallets, trying to steal bank details, trying to commit bank fraud."
The hacking software is hidden within the code of Minecraft modifications, which are pieces of code that allow users to change the game.
Minecraft allows users to modify the game as they play - players can do anything from fixing bugs to changing how the game looks.
But when players download the malicious code and place it into their Minecraft application, they don't get the ability to create "funny maps" or modify the game as promised.
Instead, the next time they load Minecraft, the malware will trigger, and soon, "it will start actively stealing data", according to Mr Stewart.
"Most people have got their cards saved onto their browser and things like that, it'll start stealing that, names, addresses, emails, bank details, anything.
"If anyone's got a crypto wallet that they use through the browser, then it'll steal that as well."
"It's like a digital verruca, it buries itself into the machine and then starts sucking the information out," said Mr Stewart.
Of the 200 million people thought to play Minecraft every month, around one million modify the game, and a lot of the code they use to do that is posted on GitHub.
According to Ofcom, around 1.7 million gamers play Minecraft in the UK.
A Minecraft spokesperson told Sky News that player safety is a "top priority for us" and the company is "committed to investigating reported security violations".
"When we receive reports of content that does not comply with our usage guidelines, we take action as appropriate," they said.
"We encourage players to report any suspicious content through our official website and leverage our resources to make informed choices."
Hackers are increasingly targeting gamers in this way, with the UK's National Cyber Security Centre warning families to stay alert to dangerous downloads like this.
"There were some of us who thought it was only a matter of time before this particular vulnerability starts getting exposed en masse," said Dr Harjinder Lallie, a cyberattack academic at the University of Warwick.
"That's where we're going now."
Although children may fall prey to this kind of attack, the group Dr Lallie and his colleagues worry about more are "young adults who have admin [rights] on their own computer".
"They're just a bit more savvy. They really want that mod; they want those extra features. And if it means [they] have to turn off the Microsoft Defender system for two minutes while [they] install it, then [they'll] turn it off, install that mod, and then turn it back on afterwards. By that time, the damage has been done," said Dr Lallie.
The users mentioned in the report had already had their accounts disabled and GitHub told Sky News it is "committed to investigating reported security issues".
"We disabled user accounts in accordance with GitHub's Acceptable Use Policies, which prohibit posting content that directly supports unlawful active attack or malware campaigns that are causing technical harms," said a spokesperson.
The company also has teams dedicated to finding and removing malicious content as well as using AI and humans to monitor the site at scale, according to the spokesperson.
Related Articles


Daily Mail
5 hours ago
Apple and Google passwords exposed
Cybersecurity researchers have uncovered what they are calling the 'mother of all breaches.' They discovered a massive collection of 30 databases containing more than 16 billion individual records, including passwords, for government accounts, Apple, Google, Facebook, Telegram and more websites. Some of the datasets had vague names like 'logins' or 'credentials,' which made it hard for the team to figure out exactly what they contained. Others, however, gave clues about where the data came from. According to the researchers, the records were most likely compiled by cybercriminals using various infostealing malware, though they noted that some data may also have been collected by so-called 'white hat' hackers. The team at Cybernews, which found the records, said the information was available to the wider internet only briefly before being locked down, but it is not possible to determine who owned the databases. With more than 5.5 billion people worldwide using the internet, researchers warned that a staggering number of individuals likely had at least some of their accounts compromised. They are now urging users across the globe to change their passwords immediately to protect their data from falling into the hands of cybercriminals. 'The inclusion of both old and recent infostealer logs makes this data particularly dangerous for organizations lacking multi-factor authentication or credential hygiene practices,' the researchers said. Cybernews noted that its researchers identified a database of 184 million records that was previously uncovered in May, found by data breach hunter and security researcher Jeremiah Fowler. 'It barely scratches the top 20 of what the team discovered,' Cybernews explained. 'Most worryingly, researchers claim new massive datasets emerge every few weeks, signaling how prevalent infostealer malware truly is.'
The database of 184 million records not only contained secure login data for millions of private citizens, but also had stolen account information connected to multiple governments around the world. While looking at a small sample of 10,000 of these stolen accounts, Fowler found 220 email addresses with .gov domains, linking them to more than 29 countries, including the US, UK, Australia, Canada, China, India, Israel, and Saudi Arabia. 'This is probably one of the weirdest ones I've found in many years,' Fowler told WIRED. 'As far as the risk factor here, this is way bigger than most of the stuff I find, because this is direct access into individual accounts. This is a cybercriminal's dream working list,' the cybersecurity expert continued. In total, Fowler discovered 47 gigabytes of data with sensitive information for accounts on various sites, including Instagram, Microsoft, Netflix, PayPal, Roblox, and Discord. The best action to take right now is to change your passwords if you use any of these platforms and also activate Two-Factor Authentication, which adds another layer of security to logging in by sending a secure code to your phone or email. The unprotected database was managed by World Host Group, a web hosting and domain name provider founded in 2019. It operates over 20 brands globally, offering cloud hosting, domain services, and technical support for businesses of all sizes. Once Fowler confirmed that the exposed information was genuine, he reported the breach to World Host Group, which shut down access to the database. Seb de Lemos, CEO of World Host Group, told WIRED: 'It appears a fraudulent user signed up and uploaded illegal content to their server.' Fowler said 'the only thing that makes sense' is that the breach was the work of a cybercriminal because there's no other way to gain that much access to information from so many servers around the world.
The cybersecurity expert warned that this particular breach also poses a major national security risk. Exploiting government email accounts could allow hackers and foreign agents access to sensitive or even top-secret systems. The stolen data could also be used as part of a larger phishing campaign, using one person's hacked account to gain private information from other potential victims.


Daily Mail
8 hours ago
'Mother of all data breaches' sees Internet users urged to act after Apple and Google passwords are exposed
Cybersecurity researchers have uncovered what they call the 'mother of all breaches' with the discovery of a collection of 30 databases that contain over 16 billion individual records, including passwords, for government accounts as well as social media logins for Apple, Google, Facebook, Telegram, and others. Some of the datasets had vague names such as 'logins' or 'credentials', which made it hard for the team to figure out exactly what they contained but some gave clues about where the data came from. According to the researchers, the records were most likely compiled by cybercriminals using various info-stealing malware, though they noted that some data may also have been collected by so-called 'white hat' hackers. Also known as ethical hackers, 'white hat' hackers are security professionals who use their skills to identify vulnerabilities and weaknesses in computer systems, networks, and software - with the permission of the system's owner. The team at Cybernews, which found the records, said the information was available to the wider Internet only briefly before it was locked down, but it's not possible to determine who owned the databases. With over 5.5 billion people worldwide using the Internet, researchers warned that a staggering number of individuals probably had some of their accounts compromised. Users across the globe were urged to change their passwords immediately to protect their data from falling into the hands of cybercriminals. Researchers said: 'The inclusion of both old and recent info-stealer logs makes this data particularly dangerous for organizations lacking multi-factor authentication or credential hygiene practices.' Cybernews noted that its researchers identified a database of 184 million records that was previously uncovered in May, found by data-breach hunter and security researcher Jeremiah Fowler. The security site said: 'It barely scratches the top 20 of what the team discovered.
Most worryingly, researchers claim new massive datasets emerge every few weeks, signaling how prevalent info-stealer malware truly is.' The May discovery not only contained secure login data for millions of private citizens, but also had stolen account information connected to multiple governments around the world. While looking at a small sample of 10,000 of these stolen accounts, researcher Fowler found 220 email addresses with .gov domains, linking them to over 29 countries, including the U.S., UK, Australia, Canada, China, India, Israel, and Saudi Arabia. Fowler told WIRED: 'This is probably one of the weirdest ones I've found in many years. 'As far as the risk factor here, this is way bigger than most of the stuff I find, because this is direct access into individual accounts. This is a cybercriminal's dream working list.' In total, Fowler discovered 47 gigabytes of data with sensitive information for accounts on sites including Instagram, Microsoft, Netflix, PayPal, Roblox, and Discord. The best action to take to protect your accounts would be to change the passwords and activate Two-Factor Authentication, which adds another layer of security to logging in by sending a secure code to your phone or email. The unprotected database was managed by World Host Group, a web-hosting and domain name provider founded in 2019. Once Fowler confirmed that the exposed information was genuine, he reported the breach to World Host Group, which shut down access to the database. World Host Group's Seb de Lemos told WIRED: 'It appears a fraudulent user signed up and uploaded illegal content to their server.' Fowler added that 'the only thing that makes sense' is that the breach was the work of a cybercriminal because there's no other way to gain that much access to information from so many servers around the world. The cybersecurity expert warned that the breach also posed a major national security risk.
Exploiting government email accounts could allow hackers and foreign agents access to sensitive or even top-secret systems. The stolen data could also be used as part of a larger phishing campaign, using one person's hacked account to gain private information from other potential victims.


The Independent
9 hours ago
Billions of login credentials have been leaked online, Cybernews researchers say
Researchers at cybersecurity outlet Cybernews say that billions of login credentials have been leaked and compiled into datasets online, giving criminals 'unprecedented access' to accounts consumers use each day. According to a report published this week, Cybernews researchers have recently discovered 30 exposed datasets that each contain a vast amount of login information — amounting to a total of 16 billion compromised credentials. That includes user passwords for a range of popular platforms including Google, Facebook and Apple. Sixteen billion is roughly double the amount of people on Earth today, signaling that impacted consumers may have had credentials for more than one account leaked. Cybernews notes that there are most certainly duplicates in the data and so 'it's impossible to tell how many people or accounts were actually exposed.' It's also important to note that the leaked login information doesn't span from a single source, such as one breach targeting a company. Instead, it appears that the data was stolen through multiple events over time, and then compiled and briefly exposed publicly, which is when Cybernews reports that its researchers discovered it. Various infostealers are most likely the culprit, Cybernews noted. Infostealers are a form of malicious software that breaches a victim's device or systems to take sensitive information. Many questions remain about these leaked credentials, including whose hands the login credentials are in now. But, as data breaches become more and more common in today's world, experts continue to stress the importance of maintaining key 'cyber hygiene.' If you're worried about your account data potentially being exposed in a recent breach, the first thing you can do is change your password — and avoid using the same or similar login credentials on multiple sites. If you find it too hard to memorize all your different passwords, consider a password manager or passkey. 
And also add multifactor authentication, which can serve as a second layer of verification through your phone, email or USB authenticator key.