Minecraft malware: Malicious code found in Minecraft skins has infected 50,000 accounts (and counting) with malware that wipes computer hard drives

Vaughn Highfield April 17, 2018

Minecraft, the immensely popular world-building game with more than 74 million players, has a malware problem. Users who download skins for their avatars, from the official Minecraft website, are unwittingly allowing malicious code onto their computers.

Currently, nearly 50,000 Minecraft accounts are known to be infected with the malware which is designed to reformat a person’s hard drive and delete backup data and system programs.

The problem was first spotted by security software developer Avast’s Threat Labs. The team discovered that user-created and uploaded Minecraft character skins created as PNG files were being used as a distribution method for homebrew malware before being uploaded onto Mojang’s Minecraft website.

Mojang is aware of the issue and is currently working on fixing the vulnerability.

https://youtube.com/watch?v=XzCYP-xLURM

READ NEXT: How teachers are bringing Minecraft into classrooms

Avast believes that each instance of malicious code hasn’t been created by hardened cybercriminals but, instead, is little more than inexperienced players looking to exploit others for their own amusement. The code itself is, in Avast’s words “largely unimpressive” and can actually be found on websites that provide step-by-step guides to creating viruses using Microsoft’s built-in Notepad word processing tool.

However, because of Minecraft’s massive reach – with 43% of its user demographic also under 21 – there’s an especially vulnerable group of people for these malware creators to tap into. The real kicker comes when you consider that, as many parents and players believe Minecraft to be a safe game to spend time playing, people are less likely to look into exactly what it’s doing to your computer.

Most parents and players would trust third-party skins if they’re being hosted on the official Minecraft website but it appears Mojang isn’t screening each upload for potential viruses. Even if users are scanning their machines on a regular basis, flagged issues may be ignored because a user simply believes anything downloaded from the Minecraft website is clean and the scanning software is simply issuing a false positive.

So far, infection numbers are comparatively small compared to the number of active Minecraft players. However, as user numbers grow nearly 20 million each year, there’s real potential for an epidemic to spread.

Minecraft malware: How to protect yourself

Obviously, not all skins for Minecraft are infectious and to believe so would be severely detrimental to Minecraft’s user-created appeal. However, there are three known infectious skins out there right now. If you’ve downloaded them or ones similar, you should run a scan on your system right away.

minecraft_malware_skins

Identifiers for infection include unusual messages in Minecraft account inbox and system performance issues due to a “tourstart.exe” loop or error messages related to disk formatting. If you’ve received a message in your inbox stating “You Are Nailed, Buy A New Computer This Is A Piece of Sh*t”, “You have maxed your internet usage for a lifetime” or “Your a** got glued”, you could be infected.

Protecting yourself against Minecraft malware is generally as straightforward as running regular antivirus scans on your system. Most decent software will remove the threat once it’s been detected, but if it’s a particularly bad infection you may have to reinstall Minecraft. Avast also warns that, in extreme circumstances where infected machines have had files deleted, data restoration is likely the only option.