Minecraft players beware, hackers using fake mods to steal login data and more

Cybercriminals are actively exploiting the popularity of

Minecraft

and its modding community to spread malware disguised as game enhancements, a report claims. This hacking campaign is reportedly targeting players with fake mods that can steal personal data, including cryptocurrency wallets and login credentials. According to a report by Check Point Research (CPR), cybersecurity researchers started tracking this campaign in March and identified a network called

Stargazer's Ghost Network

. This network operates under a distribution-as-a-service (DaaS) model that uses multiple GitHub accounts to widely distribute malicious links and malware, the report claims.

How cybercriminals are attacking Minecraft players

As per the report, these attacks use a multistage approach designed to covertly infect users' machines. The malware is often disguised as popular cheat tools within the Minecraft community, such as Oringo and Taunahi. The initial stages of the malware are written in Java and require Minecraft to be pre-installed on the victim's device, ensuring the attackers target active players, the report notes.Since March 2025, cybercriminals have been spreading malware disguised as Minecraft mods on GitHub, the report highlights. These fake mods, which mimic popular cheat tools, contain a Java-based downloader that initiates a multi-stage attack.

After verifying the environment isn't a virtual machine, the malware downloads further payloads to steal sensitive data, including credentials from browsers, crypto wallets, and apps like Discord and Steam. It can also take screenshots and gather system info, the report warnsThe stolen data is then exfiltrated through Discord to evade detection. Over 1,500 devices are estimated to have been affected. The campaign, likely of Russian origin based on file comments and time zone activity, underscores the risks of downloading third-party content. Users have been advised to stick to verified mod sources, avoid cheat-related tools, and keep their systems updated.