Almost 50,000 Minecraft Players Hit With Malware That Formats Hard Drives

Minecraft fans, beware of what you install. Anti-virus makers Avast have announced that over the last 30 days, they have identified malware that has infected almost 50,000 Minecraft players, malware designed to "reformat hard-drives and delete backup data and system programs".

In the post on the official Avast blog, the company warned that the malware was contained in a Powershell script that "uses Minecraft skins created in PNG". "They can be uploaded to the Minecraft site from various online resources," Avast noted.

According to the company, the malware is "included in skins available on the Minecraft website". They even showed three example avatar skins, all infected with malware:

Image: Avast

The malware isn't impressive from a technical standpoint - Avast notes that it can be found on sites that teach users how to make a virus in Notepad. The bigger problem is that the code could be uploaded to the official Minecraft website, greatly expanding the reach and potential number of infections.

To detect the malware, Avast recommends a full system scan. Indications that users might be infected also included system performance problems related to a file called "Tourstart.exe", or weird messages in your Minecraft inbox.

Mojang is reportedly working on a fix, and Kotaku Australia has contacted Microsoft's local representatives for a statement. "We have addressed this issue and put additional measures in place to protect our community. We encourage players to report any suspicious activity to feedback.minecraft.net," a Microsoft spokesperson later said.


Comments

    The guy in the middle has definitely been infected with something. He's crawling with all sorts of bacteria and infections.

    I read Avast's blog entry. Kind of weird. While skins are technically "uploaded" to the "Minecraft website", you certainly don't get your skins from minecraft.net.

    I assume this warning is for Java Edition (ie "proper" Minecraft)? Again - you don't download skins from "the official Minecraft site", you only upload them, one at a time, to your profile. You can only have one custom skin on there at a time and other people can't get your skin directly from an "official" Minecraft source.

    You need to go to a community skin site like skindex or something, to see a catalogue of skins and choose from among them. This is where you'd pick up any malware, presumably.

    Avast doesn't even make the distinction between Java Edition and Windows 10 Edition (or Bedrock Engine edition if you like). Does it affect both? Just Java? Or what?

      @fermian asking the real questions.
      I’m going to make a leap of faith and assume that if you’re not browsing for skins, you’re in the clear, but I think that might be a little risky too... if a player with an ‘infected skin’ joins your server, will other MC client users on the same server attempt to execute that same command?
      Does this affect users who are still running older OS’ with User Access Control (UAC) enabled, or does this somehow bypass executing Powershell as an admin of your minecraft client is set to execute this way?

Join the discussion!

Trending Stories Right Now