Minecraft cheaters try to steal accounts, download ransomware instead

Minecraft cheaters try to steal accounts, download ransomware instead

Japanese Minecraft players looking for stolen accounts are getting duped by malware.


Minecraft cheaters try to steal accounts, download ransomware instead - image1
(Image credit: Mojang/Microsoft Studios)

Mɪɴecraft cʜᴇᴀᴛers ɪɴ Japᴀɴ ᴀʀᴇ ʙᴇɪɴg ʜɪᴛ wɪᴛh sᴏᴍᴇ ɪɴstᴀɴt kᴀʀᴍa, accᴏʀdɪɴg ᴛᴏ cyʙᴇrsecurɪᴛy ᴏᴜᴛꜰɪᴛ Fᴏʀtɪɴet. Wᴀɴnaʙᴇ hackers ᴀʀᴇ ʙᴇɪɴg tarɢᴇᴛed ʙʏ dᴀᴛa-destroyɪɴg rᴀɴsᴏmwᴀʀᴇ thᴀᴛ mᴀsquerades ᴀs a lɪst ᴏꜰ sᴛᴏlen Mɪɴecraft acᴄᴏᴜɴᴛs. 

Such a list is theoretically attractive to players who want to anonymize themselves to keep their main accounts from catching bans, most obviously to get away with cheating, griefing, and other bad behavior. While it's unclear how many Japanese Minecraft players have fallen for the ransomware trap, Fortinet has detailed what the attack does.

According to Fortinet, the ransomware temporarily corrupts files smaller than 2 MB until the victim has paid 2,000 yen (about $17) to rescue them. But it doesn't give the victims a chance to save everything. When they open the executable, any files that are larger than 2 MB and have a variety of extension types (a list can be found on Fortinet's site) are filled with random bytes that permanently destroy them. It deletes any Windows backup copies of the files so you can't simply restore them either. It also plasters a ransom note on the user's wallpaper. The only thing it doesn't do is take any of your data. How considerate.

The attacker demands prepaid cards for online shopping, gaming, music, mobile phones, and streaming services as payment. The best bit is that, according to Fortinet, the ransom note says that the attacker is "available only on Saturdays and apologizes for any inconvenience caused." Even if the victim pays the fee, only the files smaller than 2 MB can be restored.

The ransomware is a variant of the Chaos ransomware that's been making the rounds since June. Other variants of the Chaos ransomware were found to infect all of a system's hard drives as well as disable Windows recovery mode entirely.

As always, whether you're trying to cheat at Minecraft or otherwise, downloading and running executables from sketchy sources is a bad idea. (But don't try to cheat at Minecraft, either.)

Author's other posts