Recent findings from Check Point Research have unveiled a concerning trend that places millions of Minecraft players at risk of having their sensitive information compromised. With a user base exceeding 200 million, the potential for financial theft looms large as a malicious campaign has been identified, targeting the game’s modding community.
Image: Millions of Minecraft users risk having money stolen in a recent attack. Credit: Alamy
The allure of Minecraft lies in its creative freedom, often enhanced by mods—fan-made additions that enrich the gaming experience. However, players must tread carefully, as downloading these mods can inadvertently introduce harmful viruses into their systems.
Check Point Research has reported that a widespread malicious campaign is exploiting the Minecraft modding ecosystem, with malware disseminated through platforms like GitHub. A network of accounts, referred to as the Stargazers Ghost Network, has been impersonating popular cheats and scripts, such as “Oringo” and “Taunahi.” These accounts have deceptively garnered attention by having multiple users star their mods, which lends the mods an air of legitimacy.
The attack unfolds in a multi-stage process, initiated through Java files that can only execute if the host computer has the Minecraft runtime installed. Once activated, these files can infiltrate systems and extract personal information from unsuspecting users.
Check Point Research has been monitoring these malicious GitHub repositories since March 2025. Alarmingly, the malware, which specifically targets Minecraft users, has evaded detection by all antivirus engines on VirusTotal. The potential data at risk includes private conversations on platforms like Discord, cryptocurrency wallets, browser logins, and more.
In light of these developments, gamers are urged to exercise caution when downloading third-party content. This warning comes on the heels of a colossal data breach that exposed approximately 16 billion logins for major platforms, including Apple, Facebook, and Google. Experts caution that this breach grants hackers unprecedented access to personal information and online accounts.
Logins for various services, including Instagram, Microsoft, Netflix, PayPal, Roblox, Discord, Telegram, GitHub, and numerous government services across more than 29 countries—including the UK and the US—have also been compromised, amplifying the urgency for users to safeguard their digital identities.