Compromised files uploaded to official Minecraft site

Apr 19, 2018 06:13 GMT  ·  By

Approximately 50,000 Minecraft accounts have been infected with malware that can format users’ hard drives, delete backup data, and remove system applications, according to research from security vendor Avast.

The malware was uploaded to the official Minecraft site packed in player skins, which players could then download to activate in their game installs.

The infection consisted of a PowerShell script that could be blocked by up-to-date antivirus solutions, and Avast says that the malicious code is rather simple and isn’t the work of professional cybercriminals.

“The bigger concern is why the infected skins could be legitimately uploaded to the Minecraft website. With the malware hosted on the official Minecraft domain, any detection triggered could be misinterpreted by users as a false positive,” Avast says.

Once a computer is compromised by the malware, users could see messages like “You Are Nailed, Buy A New Computer This Is A Piece Of Sh*t,” “You have maxed your internet usage for a lifetime,” and “Your a** got glued.”

Mojang working on a fix

In some cases, users also notice a substantial performance slowdown caused by a process called tourstart.exe, and Avast says that users might also see an error message related to disk formatting. The malware attempts to format the drives and remove backup images, but the process could be blocked and fail with that error.

Mojang is already aware of the infection and is working on fixing the vulnerability that allows cybercriminals to use its servers to distribute malware.

Avast explains that while the typical antivirus should be able to detect the infection and remove it, additional mitigation might sometimes be required.

“In some cases, the Minecraft application may require reinstallation. In more extreme circumstances where user machines have already been infected with the malware and systems files have been deleted, data restoration is recommended,” the firm concludes.