(Update) New malicious code causes certain Minecraft players to be at risk of malware

Discussion in 'GBAtemp & Scene News' started by Chary, Apr 17, 2018.

  1. Chary
    OP

    Chary Never sleeps.

    pip Reporter
    25
    GBAtemp Patron
    Chary is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Oct 2, 2012
    United States
    unknown.png

    Minecraft players might find themselves at risk for a malware that's spreading. According to Avast, 50,000 accounts have fallen victim to a malicious code which infects your computer and reformats users' hard drives. Supposedly, this malware isn't complex at all, but the issue is that people were able to upload this virus via Minecraft skins, and onto the official Minecraft site, where many people go to in order to download skins for their characters. With a 75 million playerbase, there's a multitude of users that could be potentially affected, although only younger users are more likely to download skins, therefore leaving them the most susceptible to downloading the malware. There's a handful of specific skins, such as the ones above, that have the malware script attached, but it would be the safer option to not download any skins at this time. Claims are being made that if an affected user joins a host that you're on, it can also affect you as well and put you at risk, though this is unverified.

    Affected users that wound up downloading an infected skin began receiving unusual messages in their inbox on the Mojang site, such as,

    There's also a variant that can affect "tourstart.exe" on your computer, which causes massive performance issues to your PC, especially on startup. Avast claims that they've protected over 15,000 threats by removing the harmful software, or preventing it from downloading. At the time of writing, the issue has not been resolved, but Mojang is currently working to address this problem.

    :arrow: Source

    Edit: The Minecraft official Site has responded to the problem and have fixed this issue.

    Supposedly, the claims by Avast were false, and that code hidden in the skins couldn't actually be executed, according to Minecraft developers. Regardless, any potential for such a problem to occur with the Java version has been fixed.
     
  2. Mnecraft368

    Mnecraft368 GBAtemp Maniac

    Member
    4
    Aug 8, 2015
    Minecraft just turned dark :/
    Well its a good e-safety lesson for the kids that play it :P

    Though deleting hard drives is gonna cause alot of problems for many of them as they might not know what to do and their parents might not be very "computer-knowledgable"
     
    Last edited by Mnecraft368, Apr 17, 2018
  3. Taffy

    Taffy AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

    Member
    3
    Mar 3, 2017
    United States
    Student
    beautiful

    starbound is better anyways.

    ...Eh. It's still a worrying thing, I hope it gets sorted out.


    ...Really makes you think. Somebody had nothing better to do than make a virus that'll make millions of young kids (and adults) freak out.......actually I can't wait to see that happen. Popcorn time.
     
  4. THEELEMENTKH

    THEELEMENTKH -

    Member
    7
    May 31, 2016
    Italy
    Italian summer island
    How great...
    Remind me why some people care to do these kind of malware?
     
  5. Chary
    OP

    Chary Never sleeps.

    pip Reporter
    25
    GBAtemp Patron
    Chary is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Oct 2, 2012
    United States
    Some people just want to watch the world burn?
     
  6. Taffy

    Taffy AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

    Member
    3
    Mar 3, 2017
    United States
    Student
    Well, people get bored. And boredom is boring. So people piss off other people and do things like that.

    Aside from geting to watch kids go ballistic, I *GUESS* it'll make the owners of the computers angry. But still, popcorn time
     
  7. Mnecraft368

    Mnecraft368 GBAtemp Maniac

    Member
    4
    Aug 8, 2015
    They could just want to see some kids raging about it on youtube :P
    Also, is this affecting the Bedrock (Windows 10, PE, Xbox) or Java (PC) versions of the game. I'm guessing the PC version but I wanna make sure if I ever decide to play for a while (not that I download skins, I made my own)
     
    SpiffyJUNIOR likes this.
  8. Eix

    Eix Trap Waifu (I require all snuggles, E'icks not X)

    Member
    4
    May 27, 2017
    United States
    Lurking in the Void for a bit
    nice
    i wonder how much mcafee is gonna make off 12 year olds using their moms card
     
  9. jimmyj

    jimmyj Official founder of altariaism. Copyright jimmyj

    Member
    2
    May 26, 2017
    Italy
    Hyrule
    Oh well

    — Posts automatically merged - Please don't double post! —

    Yeah lol

    — Posts automatically merged - Please don't double post! —

    How does the virus even execute? Isn't a skin just a png file?
     
    Mnecraft368 likes this.
  10. Sonic Angel Knight

    Sonic Angel Knight GBAtemp Legend

    Member
    14
    May 27, 2016
    United States
    New York
    Minecraft came installed with windows 10, time to uninstall a game i never played. :ninja:
     
  11. The Real Jdbye

    The Real Jdbye Always Remember 30/07/08

    Member
    16
    GBAtemp Patron
    The Real Jdbye is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Mar 17, 2010
    Norway
    Alola
    This is creepypasta come to life. Never seen malware going through a game and specifically targeting players of that game before, but I guess it had to happen sooner or later.
    There's probably an flaw in the png code Minecraft uses, then all they need to do is carefully craft the file so it causes code execution to jump to a part of the png file that contains their payload. And from there the possibilities are endless.
     
  12. Mnecraft368

    Mnecraft368 GBAtemp Maniac

    Member
    4
    Aug 8, 2015
    They could bait lots of people by saying "Download this skin and you get free hacks in all servers", then it does give them the hacks but as soon as they finish playing they find out that only Minecraft is installed, and re-opening it wipes the remainder of the hard drive.
    I should try that...jk
     
    SuzieJoeBob likes this.
  13. souler92

    souler92 GBAtemp Fan

    Member
    2
    Jan 5, 2017
    Netherlands
    you can fuse a png and exe file into 1 file. then when the extension png is there, it opens the image, when extension .exe, bat or whatsoever the payload is, it loads up

    probably they found a way for minecraft to execute the malicious malware
     
  14. gudenau

    gudenau Largely ignored

    Member
    8
    GBAtemp Patron
    gudenau is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Jul 7, 2010
    United States
    /dev/random
    I am guessing this is just the inferior C based versions, since this should not do anything on the real version.
     
  15. nl255

    nl255 GBAtemp Addict

    Member
    6
    Apr 9, 2004
    Seriously? You are here on gbatemp, a console hacking site, and don't understand that there is no such thing as a harmless file and that almost any file type can be used to execute arbitrary code.

    Remember, Soundhax is/was just an AAC audio file yet gave full access to the 3DS including it's arm9 security chip thus allowing the installation of full blown custom firmware. That's right, full blown custom firmware just by playing a "harmless" music file.

    — Posts automatically merged - Please don't double post! —

    Or the png file itself contains the malware. After all if you can get full blown custom firmware on a system just by playing a "harmless" sound file then why not? It's not like Microsoft is known for good security.
     
    Last edited by nl255, Apr 17, 2018
  16. Flaflo

    Flaflo Member

    Newcomer
    2
    Apr 24, 2014
    Germany
    I knew about this exploit about more than a year, its kinda shocking that it took so long for other to notice.
    Btw this exploit does only run on windows because the code is appended on the png file with a special format that is only interpreted by windows.
    Dont gonna explain more detail because as of now this exploit is not fixed.

    — Posts automatically merged - Please don't double post! —

    Nope this applies to the java version of minecraft
     
    NutymcNuty likes this.
  17. Yepi69

    Yepi69 Jill-sandwiched

    Member
    7
    Nov 29, 2010
    Portugal
    Behind you
    It's not like Java is super secure, it was only a matter of time.
    It's no wonder that browsers discontinued it, I'm sticking with the Windows 10 version so far and downloaded a couple of skins this week.
    So far so good ;)
     
    NutymcNuty likes this.
  18. Flaflo

    Flaflo Member

    Newcomer
    2
    Apr 24, 2014
    Germany
    well its kinda like this but its not .exe code appended to the png file. also as of i know this does not apply to all minecraft versions. i tested it on 1.7.9 up to 1.8.X
     
  19. Mnecraft368

    Mnecraft368 GBAtemp Maniac

    Member
    4
    Aug 8, 2015
    Thought so. I would highly doubt that Bedrock would see this issue.
     
    Flaflo likes this.
  20. Flaflo

    Flaflo Member

    Newcomer
    2
    Apr 24, 2014
    Germany
    Its not Java fault on failing with security but its mojang that has done many things wrong
     
    gnmmarechal and Mnecraft368 like this.
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice