Latest news with #CheckPointResearch
Yahoo
14 hours ago
- Yahoo
Why You Should Never Click Old Discord Invite Links
If you've received an invite link to Discord but never used it to join that specific server, don't click through it weeks or months later. As Bleeping Computer reports, hackers have repurposed Discord invite links that have expired or been deleted to deliver malware, including infostealers and keyloggers. How Discord links are spreading malware The malware campaign, identified by Check Point Research, capitalizes on a flaw in how Discord handles invite links, which can be temporary or permanent or, for paid servers with Level 3 Boost status, customized. URLs to join regular Discord servers are randomly generated and unlikely to ever repeat, but vanity links—as well as expired temporary invite links and deleted permanent invite links—can be claimed and reused. Discord also allows invite codes with uppercase letters to be recycled in vanity links with lowercase letters while the original is still active. This means that hackers can redirect users to malicious servers via links originating from legitimate Discord communities. These links are being shared on social media and official community websites. When a user clicks the stolen link, they land on a Discord server that looks authentic and prompts them to verify their identity to unlock access. The verification link launches a ClickFix web page, which indicates that a (fake) CAPTCHA has failed to load and directs the user to "verify" by manually running a Windows command. This executes a PowerShell script, which downloads and installs the malware. The payload itself may include malicious programs—like AsynchRAT, Skuld Stealer, and ChromeKatz—that allow keylogging, webcam or microphone access, and infostealing to harvest browser credentials, cookies, passwords, Discord tokens, and/or crypto wallet data. According to Check Point's analysis, the malware has numerous features that allow it to evade detection by antivirus tools. The report also notes that while Discord took action to mitigate this specific campaign, the risk of similar bots or alternative delivery methods still exists. How to avoid malicious Discord links First and foremost, be wary of old Discord invite links, especially those posted on social media or forums weeks or months back. (Temporary invite URLs on Discord can be set to expire within 30 minutes or up to a default of seven days.) Don't click links from users you don't know and trust, and request a new invite rather than relying on an old one. You should use caution when engaging with verification requests, especially those that prompt you to copy and run manual commands on your device. ClickFix attacks via fake CAPTCHA requests abound, and any verification that tells you to execute a Run command is not legit. If you run a Discord server, use permanent invite links, which are harder to steal and repurpose than temporary or custom URLs.
Hindustan Times
a day ago
- Hindustan Times
Downloading Minecraft mods? You could be letting hackers into your system
Minecraft fans, if you love trying out new mods, here's something you need to hear. Hackers are now targeting players by hiding malware inside fake Minecraft mods, and it's not just about ruining your game. These fake mods are after your personal data, your logins, and even your crypto wallets. Sounds wild, right? This isn't just a rumour - Check Point Research, a well-known cybersecurity team, has dug into this campaign and shared their findings in a detailed report. What's really happening? Cybercriminals have set up a network called Stargazer's Ghost Network. Since March 2025, they've been focusing on Minecraft's huge modding community, especially those who look for mods and cheat tools on GitHub. Their method is simple but effective. They upload fake mods that look like popular cheat tools, hoping players will download them without thinking twice. Once you do, the real trouble starts. How the attack works These fake mods are written in Java and only work if you already have Minecraft installed. That means they're not just sending this malware out to everyone - they're targeting actual players. When you run one of these mods, it quietly checks if it's on a real computer or just a security lab's virtual machine. If it decides it's safe, it downloads more malware and starts digging through your files. What can be stolen? This malware is not picky. It can grab your browser passwords, your Discord and Steam logins, your cryptocurrency wallet details, and even Telegram info. It also takes screenshots and collects details about your computer. All this stolen data is sent out using Discord webhooks, which helps the hackers avoid being detected by regular security tools. The attack is smart enough to avoid virtual machines, so it's clear these hackers know what they're doing. How big is the problem? Check Point Research estimates that more than 1,500 Minecraft players have already been affected by this scam since it started. The hackers, who are believed to be from Russia based on clues in their files and their activity times, are using hundreds of GitHub accounts to spread these fake mods. With so many accounts and fake mods floating around, it's easy for even careful players to get caught if they're not paying close attention. How to keep yourself safe Only download mods from official sites or creators you trust. Avoid cheat tools and anything that promises shortcuts or unrealistic features. Keep your computer and antivirus software updated at all times. If a download feels suspicious, just skip it. It's not worth the risk. Minecraft is about creativity and having fun, but hackers are always looking for new ways to spoil the party. This campaign is a reminder that even in gaming, you need to be careful about what you download and where you get it from. Always double-check your sources, and don't let anyone mess with your game or your data. So next time you're searching for that cool new mod, remember this warning. First Published Date: 20 Jun, 17:49 IST
The Irish Sun
2 days ago
- The Irish Sun
All 200 million Minecraft players risk having money stolen in seconds in ‘undetected' attack – avoid common game mistake
MILLIONS of Minecraft players are at risk of having their sensitive information stolen in the recent "undetected" attack. All 200 million users could have their money stolen after a research has uncovered a "malicious" campaign. Advertisement 1 Millions of Minecraft users risk having money stolen in a recent attack Credit: Alamy CheckPoint Research has revealed through their investigation that Minecraft users are being targeted through mods. The popular game allows players a creative freedom via mods, which are additions to a game made by fans. Minecraft players can download mods to enhance their gaming experience but they have to be careful. When you install a new mod, you could be inviting a virus onto your computer. Advertisement read more on tech According to CheckPoint Research, a large-scale malicious campaign has been targeting mods to infect people's devices. The malware has been spread through Minecraft modding system as well as GitHub. A network of Github accounts, dubbed Stargazers Ghost Network, has been impersonating popular cheats and scripts 'Oringo and Taunahi'. They provided mods which appeared legitimate as multiple accounts starred them. Advertisement Most read in Tech The first and second stages of the attack are developed in Java and can only be executed if the host computer has the Minecraft runtime. These files would then carry out a "multi-stage attack" to breach systems and steal victims' personal information. AT&T Hack Exposes FBI Communications: Espionage Fears Rise Since March 2025, Check Point Research has been attempting to monitor these "malicious GitHub repositories." The malware has gone undetected by all antivirus engines on VirusTotal as they are specifically targeted at Minecraft users. Advertisement Their research listed all the information that may be stolen, including private conversations sent through Discord, cryptocurrency wallets, browser logins, and much more. Gamers have been warned to exercise caution when downloading third-party content. It comes after exposed as many as 16 billion logins for Apple, Facebook and Google users. It's one of the largest data breaches in history giving hackers "unprecedented access" to your personal info and online accounts, experts warn. Advertisement Logins for Instagram, Microsoft, Netflix, PayPal, Roblox, Discord, Telegram, GitHub and various government services in more than 29 countries, including the UK and US, have also been affected.
The Sun
2 days ago
- The Sun
All 200 million Minecraft players risk having money stolen in seconds in ‘undetected' attack – avoid common game mistake
MILLIONS of Minecraft players are at risk of having their sensitive information stolen in the recent "undetected" attack. All 200 million users could have their money stolen after a research has uncovered a "malicious" campaign. 1 CheckPoint Research has revealed through their investigation that Minecraft users are being targeted through mods. The popular game allows players a creative freedom via mods, which are additions to a game made by fans. Minecraft players can download mods to enhance their gaming experience but they have to be careful. When you install a new mod, you could be inviting a virus onto your computer. According to CheckPoint Research, a large-scale malicious campaign has been targeting mods to infect people's devices. The malware has been spread through Minecraft modding system as well as GitHub. A network of Github accounts, dubbed Stargazers Ghost Network, has been impersonating popular cheats and scripts 'Oringo and Taunahi'. They provided mods which appeared legitimate as multiple accounts starred them. The first and second stages of the attack are developed in Java and can only be executed if the host computer has the Minecraft runtime. These files would then carry out a "multi-stage attack" to breach systems and steal victims' personal information. AT&T Hack Exposes FBI Communications: Espionage Fears Rise Since March 2025, Check Point Research has been attempting to monitor these "malicious GitHub repositories." The malware has gone undetected by all antivirus engines on VirusTotal as they are specifically targeted at Minecraft users. Their research listed all the information that may be stolen, including private conversations sent through Discord, cryptocurrency wallets, browser logins, and much more. Gamers have been warned to exercise caution when downloading third-party content. It comes after a colossal leak exposed as many as 16 billion logins for Apple, Facebook and Google users. It's one of the largest in history giving hackers "unprecedented access" to your personal info and online accounts, experts warn. Logins for Instagram, Microsoft, Netflix, PayPal, Roblox, Discord, Telegram, GitHub and various government services in more than 29 countries, including the UK and US, have also been affected.
Time of India
3 days ago
- Time of India
Minecraft players beware, hackers using fake mods to steal login data and more
Image via Mojang Cybercriminals are actively exploiting the popularity of Minecraft and its modding community to spread malware disguised as game enhancements, a report claims. This hacking campaign is reportedly targeting players with fake mods that can steal personal data, including cryptocurrency wallets and login credentials. According to a report by Check Point Research (CPR), cybersecurity researchers started tracking this campaign in March and identified a network called Stargazer's Ghost Network . This network operates under a distribution-as-a-service (DaaS) model that uses multiple GitHub accounts to widely distribute malicious links and malware, the report claims. How cybercriminals are attacking Minecraft players As per the report, these attacks use a multistage approach designed to covertly infect users' machines. The malware is often disguised as popular cheat tools within the Minecraft community, such as Oringo and Taunahi. The initial stages of the malware are written in Java and require Minecraft to be pre-installed on the victim's device, ensuring the attackers target active players, the report notes. Since March 2025, cybercriminals have been spreading malware disguised as Minecraft mods on GitHub, the report highlights. These fake mods, which mimic popular cheat tools, contain a Java-based downloader that initiates a multi-stage attack. After verifying the environment isn't a virtual machine, the malware downloads further payloads to steal sensitive data, including credentials from browsers, crypto wallets, and apps like Discord and Steam. It can also take screenshots and gather system info, the report warns The stolen data is then exfiltrated through Discord to evade detection. Over 1,500 devices are estimated to have been affected. The campaign, likely of Russian origin based on file comments and time zone activity, underscores the risks of downloading third-party content. Users have been advised to stick to verified mod sources, avoid cheat-related tools, and keep their systems updated.
