50,000 Minecraft users infected with hard drive wiping malware

Here is why you should avoid downloading mods and skins for games especially Minecraft, at least for now.

Nearly 50,000 Minecraft users have been infected with a nasty piece of malware that aims at reformatting hard drives, wiping out backup data from the targeted system along with deleting other important files.

The malware was discovered by IT security researchers at Avast’s Threat Labs who noted that its prime target is those Minecraft users who have downloaded “skins” in PNG file format to alter the default look of a character in Minecraft.

Apparently, these malicious “skins” contain a malicious Powershell script prompting the malware to delete user data and reformat their system’s hard drive. The malware infection also starts tourstart.exe loop which thwarts the performance of the target system.

Furthermore, victims have witnessed receiving silly messages on their Minecraft account inbox indicating that the whole campaign is based on trolling users. The message shared by Avast’s researchers are:

“You Are Nailed, Buy A New Computer This Is A Piece Of Sh*t” “You have maxed your internet usage for a lifetime” “Your a** got glued.”

However, trolling apart, researchers have blocked 14,500 infection attempts against Minecraft users in the last 10 days which shows that users are at all time high risk of being infected with this malware.

50,000 Minecraft users infected with hard drive wiping malware
Link to the malicious site dropping malware

According to Avast’s malware analyst Alexej Savcin, “The malicious code is largely unimpressive and can be found on sites that provide step-by-step instructions on how to create viruses with Notepad.”

“While it is fair to assume that those responsible are not professional cybercriminals, the bigger concern is why the infected skins could be legitimately uploaded to the Minecraft website. With the malware hosted on the official Minecraft domain, any detection triggered could be misinterpreted by users as a false positive,” said Savcin.

Remember, Minecraft has over 74 million players worldwide making it a lucrative target for malicious hackers and cybercriminals. Today it is an annoying malware deleting your data but tomorrow it could be a ransomware taking over your system and forcing you to pay the ransom.  

Avast has already informed Minecraft’s developers at Mojang and hopefully, the company will come up with a solution soon. Meanwhile, users are advised to avoid installing Minecraft skins on their system until the issue is fixed.

This, however, is not the first time when Minecraft users are in the news for all the wrong reasons. Previously, millions of Minecraft users were forced to change their passwords after Lifeboat suffered a data breach and its data was being sold on the Dark Web.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.