Fake Minecraft mods distributed by the Stargazers Ghost Network to steal gamers’ data

Key Points
Check Point Research discovered a multistage campaign targeting Minecraft users via the Stargazers Ghost Network, a distribution-as-a-service (DaaS) operation that runs on GitHub. The malware impersonates, among others, Oringo and Taunahi, which are “Scripts & Macro” tools (a.k.a. cheats).

The first-stage downloader and the second-stage stealer are implemented in Java and require Minecraft to be installed on the host. The third and last stage is a .NET stealer with extended capabilities.

Minecraft malware is written in Java, which is often overlooked by security solutions.

The malware is developed by a Russian-speaking threat actor and contains several artifacts written in the Russian language.

To read the complete article, see: https://research.checkpoint.com/2025/minecraft-mod-malware-stargazers/

This post is licensed under CC BY 4.0 by the author.