Minecraft as an attack vector for your organization

The world of video games continues to grow, and so do cyberattacks against major games such as Minecraft.
The threat research unit, Check Point Research, warns how these threats can reach your organization.
According to Statista figures, over the last two years mobile devices have consolidated their position as the largest segment of the global video game market.
According to the statistics page, at the end of 2023:
- Mobile phone games reported around US$90.5 billion
- Consoles came second, reporting around US$53,000 million
- Third place went to the once-powerful PC
Of course, this evolution was a slow but steady process. Of these platforms, however, only consoles rarely find their way into organizations.
That is why Check Point Research (CPR) reports that a sophisticated information-theft campaign targeting the Minecraft community has been dismantled.
According to the Threat Intelligence Unit of Check Point Software Technologies, Minecraft brings together more than 200 million monthly active users.
“We recommend that the player community download mods only from official sources, keep their security solutions updated and distrust tools that request unnecessary permissions,” said Check Point Software technical director for Spain and Portugal, Eusebio Nieva.
Transgenerational vector
As CPR explains, the attack, operating under the name Stargazers Ghost Network, exploits the distribution of supposed mods through GitHub. It operates on a malware-as-a-service (MaaS) model and uses a modular design in Java and .NET.
The threat spreads as “cheats” or performance add-ons, camouflaged in public repositories under names such as Oringo-1.9.jar and Taunahi-V3.jar.
What is innovative is not only the attack vector but also its evasion. Because it is built in Java, the malware manages to go unnoticed even in sandbox environments.
Why? Because, historically, Java has been a language underestimated by antivirus engines.
The second layer of sophistication lies in the supply chain. The malicious files had been hosted in active GitHub repositories since March 2025.
They are updated via dynamic links through Pastebin, which hinders traceability.
“This campaign demonstrates how a threat, apparently a simple mod for a popular game, can evade security controls and execute a data theft attack in multiple phases,” said Eusebio Nieva, technical director of Check Point Software for Spain and Portugal.