By Abdul Wasay ⏐ 6 months ago ⏐ Newspaper Icon Newspaper Icon 2 min read
Minecraft Mods Infected With Stealer Malware Via Stargazers Network

Security researchers at Check Point Research have uncovered a dangerous campaign distributing Minecraft mod malware through GitHub repositories. Which not only concerns cybersecurity experts but gamers everywhere.

The campaign, dubbed the Stargazers Ghost Network, targets unsuspecting players by disguising malware as popular modding tools like Oringo and Taunahi. Once installed, these infected mods silently deploy credential-stealing malware on the victim’s system.

How the Minecraft Mod Malware Works

The infection begins when players manually install seemingly harmless .jar mod files from GitHub. These files act as loaders, initiating a multi-stage malware chain that downloads and executes Java-based and .NET-based information stealers.

Detecting analysis tools or virtual machines is the primary goal of the first phase. It then retrieves a second-stage payload from Pastebin if none are detected. Data from custom launchers like Lunar, Feather, and Essential, as well as Minecraft session tokens and Discord credentials, are among the sensitive information that this malware harvests.

The second stage then triggers a third payload that dives even deeper (written in .NET). It targets browser passwords, cryptocurrency wallets, VPN credentials, and more. The stolen data is zipped and sent via Discord webhooks, all while evading antivirus detection.

Why This Mod Malware Is So Dangerous

Most scanning systems do not support the Minecraft Forge runtime environment, which the malware uses to evade sandbox analysis, according to Check Point. The phony mods looked real because they were hosted on GitHub, and the social proof was provided by the many star repositories.

Moreover, researchers discovered evidence that linked the threat actor to Russia. Code comments, UTC+3 commit timestamps, and Pastebin usernames like “JoeBidenMama” point to a developer with Russian as a primary language.

The malicious pastes of this campaign had over 1,500 hits, suggesting a widespread potential for infection.

Stay Safe: Tips for Minecraft Players

  • Only download mods from trusted sources like CurseForge or official developer sites.

  • Never run .jar files unless you fully trust the source.

  • Use antivirus software that supports Java threat detection.

  • Monitor mod behavior closely after installation.

Abdul Wasay

Abdul Wasay explores emerging trends across AI, cybersecurity, startups and social media platforms in a way anyone can easily follow.

Latest News

Gold and Silver Prices in Pakistan Today, 5th December, 2025
Gold and Silver Prices in Pakistan Today, 5th December, 2025
Air Punjab
Bangladesh Set to Resume Direct Flights to Pakistan After Years
PTA
PTA Announces Temporary DIRBS Suspension: Mobile Registration Service to Pause During Dec 6–7
Saudi Arabia Extends 3 Billion Deposit With Pakistan Support To National Forex Reserves
Saudi Arabia Extends $3 Billion Deposit with Pakistan, Support to National Forex Reserves
Nepra Slashes K Electric Tariffs And Tightens Loss Targets
NEPRA Interim Tariff Review: Exporters Warn Rs55/kWh Risk
CDA
CDA Seals Housing Society Over Excess File Sales in Islamabad
Google Year In Search 2025 Gemini Ai Dominate Global Trends
Google Year in Search 2025: Gemini & AI Dominate Global Trends
Pakistan Introduces Stricter Regulations For Used Car Imports
Pakistan Introduces Stricter Regulations For Used Car Imports
Airsial Passengers Left Behind At Islamabad Airport
AirSial Launches Direct Flights from Lahore & Islamabad to Abu Dhabi
Who Are The Two Pakistanis Named In Forbes 30 Under 30 Asia 2026 List And Why
Who Are The Two Pakistanis Named in Forbes 30 Under 30 Asia 2026 List, And Why?
Battlefield 6 Overhauls Rush Breakthrough In Major Winter Update
Battlefield 6 Overhauls Rush & Breakthrough in Major Winter Update
Punjab Epa Cracks Down On Smoke Emitting Vehicles In Anti Smog Campaign
Punjab EPA Cracks Down on Smoke-Emitting Vehicles in Anti-Smog Campaign
Telenor Asia Welcomes Ccp Approval Of Ptcl Telenor Merger Awaits Pta Nod
PTA Imposes Stringent Safeguards as PTCL Gets Conditional Approval to Acquire Telenor Pakistan