Counterfeit Minecraft mods deliver malware

Security Affairs reports that Java or .NET stealers impersonating cheat tools, spread through the Stargazers distribution-as-a-service network, have been compromising Minecraft players with multi-stage malware since March.

Intrusions begin with the manual installation of the counterfeit Oringo and Taunahi mods, which download a second-stage stealer and another .NET-based stealer upon opening Minecraft, according to a Check Point Research analysis. While the second-stage payload facilitates Minecraft and Discord data exfiltration, the subsequent stealer pilfers cryptocurrency wallets, browser credentials, VPN details, and other information, noted Check Point researchers, who added that the nefarious archives have mostly remained undetected as a result of incomplete dependencies. "The threat actor behind these campaigns is likely of Russian origin. This case highlights how popular gaming communities can be exploited as effective vectors for malware distribution, emphasizing the importance of caution when downloading third-party content," said the report.
