Imagine you’re a sneaky coder trying to spread malware. You could target anyone, but going after kids who love video games is like picking the easiest target. That’s what’s happening with a new wave of spyware sneaking into Minecraft mods on GitHub.
According to Check Point Research (reported by Bleeping Computer), a shady group called the “Stargazers Ghost” network, likely based in a Russian-speaking country, is behind this. They’re slipping spyware into Minecraft mods to grab login details for the game, third-party launchers, social media, and text apps. It doesn’t stop there—their second wave of malware digs deeper, snatching passwords, browser data, and even cryptocurrency info.
How It’s Spreading
This malware is hiding in over 500 GitHub repositories, tucked inside Minecraft Java installers that can slip past antivirus programs. Hosting this stuff on GitHub, which Microsoft owns just like Minecraft, is extra sneaky. GitHub’s techy look might make kids or less tech-savvy folks think it’s a safe place to download mods, unlike some random sketchy website.
GitHub does try to catch malware on its platform, but their security team is often outmatched by the sheer number of attackers or clever campaigns like this one.
Staying Safe
To keep yourself or your kids safe, I suggest checking GitHub pages carefully before downloading mods and testing them on a throwaway account first. Another option? Lock down your kid’s computer and stick to the official mods in Minecraft’s “Bedrock Edition.”
Terefos told The Hacker News that they flagged "approximately 500 GitHub repositories, including those that are forked or copied," adding "We've also seen 700 stars produced by approximately 70 accounts."
These malicious repositories, masquerading as Minecraft mods, serve as a conduit for infecting users of the popular video game with a Java loader (e.g., "Oringo-1.8.9.jar") that remains undetected by all antivirus engines as of writing.
Comments