New Spyware Campaign Targets Minecraft Players via GitHub Mods
In a cunning new malware campaign, attackers are zeroing in on one of the most popular gaming communities—Minecraft players—by hiding spyware inside game mods hosted on GitHub. Check Point Research, as reported by Bleeping Computer, has uncovered a “multistage campaign” dubbed the Stargazers Ghost operation that specifically targets Minecraft users seeking mods, leveraging the surge of interest fueled by a recent hit children’s movie.
This spyware aims primarily to harvest login credentials—not just for Minecraft accounts but also for third-party game launchers, social media, and messaging apps. In its second phase, the malware attempts to extract more sensitive information from browser caches and other applications, with a strong focus on passwords and cryptocurrency wallets.
Spanning more than 500 GitHub repositories, this malware is cleverly disguised within Minecraft Java installers, making it difficult for many antivirus tools to detect. The fact that this is happening on GitHub—a platform owned by Microsoft and widely trusted by developers—adds an extra layer of deception. While GitHub actively monitors for malicious content, the volume and sophistication of attacks like this strain even the best security teams.
For parents and gamers alike, vigilance is crucial. Experts recommend carefully vetting mod sources, testing new mods in isolated or “burner” accounts, or simply restricting gameplay to official mods, such as those available in the Minecraft Bedrock Edition, which offer safer alternatives.
