
Caution Required for Minecraft Mod Users
Gamers, be vigilant about the mods and tools (no cheats, of course) you use for Minecraft. Reports describe mods carrying malware that can capture not only your Minecraft logins but also your browser credentials, Steam profiles, and even cryptocurrency wallets. Scary, right?
According to Bleeping Computer, a large-scale malware operation led by the Stargazers Ghost Network has been using Minecraft’s widespread modding infrastructure in what are termed distribution-as-a-service (DaaS) attacks. These malicious tools and mods often originate from GitHub accounts that attempt to impersonate legitimate sources.
“Since March 2025, Check Point Research has been monitoring harmful GitHub repositories aimed at Minecraft users featuring an undetected Java downloader. These repositories claim to offer Minecraft mods and appear to be authentic since multiple accounts have starred them,” according to the CPR report.
What’s the risk if the downloader runs? It steals credentials from browsers (Chromium, Edge, Firefox), files from locations like Desktop and Documents, and even cryptocurrency wallets from various platforms. It also gathers details about the infected device, such as running processes, external IP addresses, and clipboard content, and captures screenshots.
According to the research, the perpetrator behind these methods is believed to be of Russian origin. The campaign shows how popular gaming communities are prime targets for malware spread. Therefore, only download mods from credible and trusted creators. If you’re ever prompted to download a mod from GitHub, proceed with extreme caution. To protect yourself against such threats, avoid content that lacks a detailed history.