
Fake Minecraft Mods On GitHub Spread Malware

June 19, 2025

A new multi-stage malware campaign is targeting Minecraft users with sophisticated Java-based malware. The campaign uses a distribution-as-a-service (DaaS) offering known as the Stargazers Ghost Network. Check Point researchers said the campaign specifically targets Minecraft users with malware that impersonates popular tools like Oringo and Taunahi. The end goal of the attack is to trick players into downloading a Minecraft mod from GitHub that delivers a .NET information stealer. This malware has comprehensive data theft capabilities, and the cybersecurity company first detected the campaign in March 2025.

What makes this activity notable is the attackers' use of the illicit offering called the Stargazers Ghost Network.

This network uses thousands of GitHub accounts to set up tainted repositories that masquerade as cracked software. These malicious repositories, disguised as Minecraft mods, serve as a conduit for infecting users of the popular video game. They deliver a Java loader, for example “Oringo-1.8.9.jar,” that remains undetected by all antivirus engines as of this writing. The Java archive files also implement simple anti-VM and anti-analysis techniques to sidestep detection efforts by security researchers.

The main objective of the initial Java loader is to download and run another JAR file, a second-stage stealer payload.

This second-stage component is retrieved from an IP address that is stored in Base64-encoded form on Pastebin, which effectively turns the legitimate paste service into a dead drop resolver for the malware. Besides downloading the final .NET stealer, the second-stage stealer can also steal Discord and Minecraft tokens, as well as Telegram-related data from the compromised computer, which gives the attackers significant access to user accounts. This multi-stage approach complicates detection.

The .NET stealer, the final payload, can harvest credentials from various web browsers and gather files. It also steals information from cryptocurrency wallets and from other popular apps such as Steam and the FTP client FileZilla. It can take screenshots of the user’s screen and collect information about all currently running processes. The captured information is bundled up and transmitted back to the attacker via a Discord webhook. The campaign is suspected to be the work of a Russian-speaking threat actor, owing to the presence of several Russian artifacts.
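The network pattern described above (a Java process reading a paste, then fetching from a bare IP address, followed by a Discord webhook POST from the same host) can be hunted for in proxy or EDR logs. The following is an added example, not code from the article or from Check Point; the log format, host names, file names, IP addresses and the 10-minute window are all assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample events: time, host, process, method, URL.
# Hosts, paths and IPs (RFC 5737 documentation ranges) are invented.
SAMPLE_EVENTS = """\
2025-06-19T10:00:01 pc-07 javaw.exe GET https://pastebin.com/raw/EXAMPLE1
2025-06-19T10:00:03 pc-07 javaw.exe GET http://203.0.113.25/stage2.jar
2025-06-19T10:00:40 pc-07 svc.exe POST https://discord.com/api/webhooks/0000/EXAMPLE
2025-06-19T10:01:00 pc-12 chrome.exe GET https://pastebin.com/raw/EXAMPLE2
2025-06-19T10:03:00 pc-15 javaw.exe GET https://pastebin.com/raw/EXAMPLE3
2025-06-19T11:30:00 pc-15 javaw.exe GET http://198.51.100.9/a.jar
"""
JAVA_PROCS = {"java", "java.exe", "javaw", "javaw.exe"}
WINDOW = timedelta(minutes=10)  # assumed correlation window, tune per environment

def classify(method, url):
    """Map one request to a stage of the chain in the alert, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host == "pastebin.com" or host.endswith(".pastebin.com"):
        return "paste_lookup"
    try:
        ipaddress.ip_address(host)  # URL host is a raw IP, not a domain name
        return "ip_literal_fetch"
    except ValueError:
        pass
    if method == "POST" and host == "discord.com" and parts.path.startswith("/api/webhooks/"):
        return "webhook_post"
    return None

def find_chains(log_text):
    """Return {host: [stages]} where Java read a paste, then fetched from a bare IP."""
    state, hits = {}, {}
    for line in log_text.splitlines():
        ts, host, proc, method, url = line.split()
        stage = classify(method, url)
        when = datetime.fromisoformat(ts)
        is_java = proc.lower() in JAVA_PROCS
        if stage == "paste_lookup" and is_java:
            state[host] = when  # start (or restart) the window for this host
        elif host not in state or when - state[host] > WINDOW:
            continue
        elif stage == "ip_literal_fetch" and is_java:
            hits.setdefault(host, ["paste_lookup"]).append(stage)
        elif stage == "webhook_post" and host in hits:
            hits[host].append(stage)  # any process: the final stealer is .NET
    return hits
```

A paste lookup alone is common and benign, so only the ordered combination is reported; the webhook POST is treated as corroboration rather than as a trigger.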

  • Minecraft Players Targeted By Malware Hidden In Fake Mods On GitHub
    © 2025 | CyberMaterial | All rights reserved
