Minecraft Mods Infected with Stealer Malware via Stargazers Network

By Abdul Wasay ⏐ 8 months ago ⏐ Newspaper Icon 2 min read
Minecraft Mods Infected With Stealer Malware Via Stargazers Network

Security researchers at Check Point Research have uncovered a dangerous campaign distributing Minecraft mod malware through GitHub repositories. Which not only concerns cybersecurity experts but gamers everywhere.

The campaign, dubbed the Stargazers Ghost Network, targets unsuspecting players by disguising malware as popular modding tools like Oringo and Taunahi. Once installed, these infected mods silently deploy credential-stealing malware on the victim’s system.

How the Minecraft Mod Malware Works

The infection begins when players manually install seemingly harmless .jar mod files from GitHub. These files act as loaders, initiating a multi-stage malware chain that downloads and executes Java-based and .NET-based information stealers.

Detecting analysis tools or virtual machines is the primary goal of the first phase. It then retrieves a second-stage payload from Pastebin if none are detected. Data from custom launchers like Lunar, Feather, and Essential, as well as Minecraft session tokens and Discord credentials, are among the sensitive information that this malware harvests.

The second stage then triggers a third payload that dives even deeper (written in .NET). It targets browser passwords, cryptocurrency wallets, VPN credentials, and more. The stolen data is zipped and sent via Discord webhooks, all while evading antivirus detection.

Why This Mod Malware Is So Dangerous

Most scanning systems do not support the Minecraft Forge runtime environment, which the malware uses to evade sandbox analysis, according to Check Point. The phony mods looked real because they were hosted on GitHub, and the social proof was provided by the many star repositories.

Moreover, researchers discovered evidence that linked the threat actor to Russia. Code comments, UTC+3 commit timestamps, and Pastebin usernames like “JoeBidenMama” point to a developer with Russian as a primary language.

The malicious pastes of this campaign had over 1,500 hits, suggesting a widespread potential for infection.

Stay Safe: Tips for Minecraft Players

  • Only download mods from trusted sources like CurseForge or official developer sites.

  • Never run .jar files unless you fully trust the source.

  • Use antivirus software that supports Java threat detection.

  • Monitor mod behavior closely after installation.

Abdul Wasay

Abdul Wasay explores emerging trends across AI, cybersecurity, startups and social media platforms in a way anyone can easily follow.

Latest News

Crypto Stocks Rally After Bitcoin Reaches 125k Once More

Bitcoin vs Gold: BTC Emerges as Stronger Buying Opportunity Than 2017 Data Shows

Private Schools In Punjab Announce New Timings

Private Schools in Punjab Announce New Timings

Health Cards Announced For Islamabad Lawyers

Health Cards Announced for Islamabad Lawyers

Govt Revises Mbbs Admission Policy 2026 For Private Colleges

Govt Revises MBBS Admission Policy 2026 for Private Colleges

Nadra Revises B Form Application Fees For June 2025

NADRA Corrects Alive Wife’s Death Certificate After Minister Intervention

Pakistans Export Leaders 2025 Textile Sector Stay On Top

Pakistan’s Export Leaders 2025: Textile Sector Stay on Top

Government Sets Up First Agriculture Food And Drug Authority To Improve Food Safety

Government Sets Up First Agriculture Food and Drug Authority to Improve Food Safety

Pakistan Senate Moves To Streamline Nab Investigations

Pakistan Senate Moves to Streamline NAB Investigations

Sindh Cracks Down On Unfit Vehicles Rs 820m In Fines Issued

Sindh Cracks Down on Unfit Vehicles, Rs 820m in Fines Issued

iPhone 18 series

Here Are the iPhone 18 Series Specs We Know So Far

KP Moves to Curb Use of High-Beam Vehicle Lights in Peshawar

Canada Offers Technical Assistance for Pakistan’s Mineral Industry

Kp Announces Auction Of 40 Personalized Vehicle Numbers On Feb 14

KP Announces Auction of 40 Personalized Vehicle Numbers on Feb 14

Get Alerts