Tag: Minecraft | Page 2

Mirai Botnet Targeted Wynncraft Minecraft Server, Cloudflare Reports

October 14, 2022/in Internet Security

Performance and security company Cloudflare reported that it stopped a 2.5Tbps distributed denial-of-service (DDoS) attack in Q3 2022 launched by a Mirai botnet against Minecraft server Wynncraft.

The data comes from the company’s latest DDoS Threat Report, which includes insights and trends about the DDoS threat landscape in the third quarter of 2022.

“Multi-terabit strong DDoS attacks have become increasingly frequent. In Q3, Cloudflare automatically detected and mitigated multiple attacks that exceeded 1Tbps,” the company wrote in a blog post on Wednesday.

“The largest attack was a 2.5Tbps DDoS attack launched by a Mirai botnet variant, aimed at the Minecraft server, Wynncraft. This is the largest attack we’ve ever seen from the bitrate perspective.”

According to Cloudflare, the multi-vector attack consisted of UDP and TCP floods. Still, the Wynncraft server infrastructure held and “didn’t even notice the attack” since the security firm filtered it out for them.

“Even with the largest attacks […], the peak of the attacks were short-lived. The entire 2.5Tbps attack lasted about 2 minutes […]. This emphasizes the need for automated, always-on solutions. Security teams can’t respond quickly enough.”

More generally, however, Cloudflare said it noticed a 405% increase in Mirai DDoS attacks compared with the second quarter of 2022, alongside a general increment by other threat actors.

“Attacks may be initiated by humans, but they are executed by bots — and to play to win, you must fight bots with bots,” Cloudflare wrote.

“Detection and mitigation must be automated as much as possible because relying solely on humans puts defenders at a disadvantage.”

Among the most impactful DDoS attacks of the last few months worth mentioning are the August ones against Taiwanese Government sites, the ones targeting UK financial institutions in September and the KillNet ones disrupting the websites of several US airports earlier this month.

Source…

Hackers found a new way to sneak malware into your computer using Minecraft updates — here’s how you can stay safe

September 12, 2022/in Computer Security

Minecraft, FIFA, Far Cry and Call of Duty top of the list of game titles hackers use to distribute malware.
Malware is used to gather login credentials, credit card details and more.
Below, check out simple steps that can be used to stay safe.

The video game industry has become one of the biggest beneficiaries of the pandemic as millions of people picked up the habit of playing video games to escape the isolation and boredom of the COVID-19 lockdowns.

Since then, the gaming industry has been expanding rapidly, and the number of video game-related cyberthreats and attacks has significantly risen in recent months, research has revealed.

A new report from
Kaspersky suggests that popular games like Minecraft are used as bait by cybercriminals, from phishing scams to malware downloads. Based on stats collected by the security firm between July 2021 and July 2022, Minecraft- related files accounted for roughly 25% of malicious files, followed by FIFA (11%), Roblox (9.5%), Far Cry (9.4%) and Call of Duty (9%).

Other game titles were also spotted with a notable percentage of abuse, Grand Theft Auto, Need for Speed, and The Sims.

Minecraft also topped the list of mobile malware threats, as the game was used as a lure for 40% of detected incidents, followed by FIFA (5%), Roblox (10%), PUBG (10%) and GTA (15%).

However, as per the Kaspersky report, the total number of malicious and unwanted files related to Minecraft decreased by 36% compared to the previous year (131,005 against 184,887).

Trojan-PSW — Game over

When downloading the games from untrustworthy sources, unwanted malicious files and software get downloaded automatically that can gather sensitive information like data login information or passwords. Further, in an attempt to download games for free and find mods or cheats, gamers tend to lose money or their account.

The Kaspersky report reveals hackers use Trojan-PSW (Password Stealing Ware) malware which gathers user credentials, Trojan-Banker, which steals payment data; and Trojan-Game Thief, which collects login information from gaming accounts.

From July 1, 2021, to June 30, 2022, the Kaspersky security solution detected that 6,491 users were affected by 3,705…

Source…

Serious security flaw threatens Minecraft and possibly the entire internet — what to do

December 10, 2021/in Computer Security

If you’re a Minecraft player using the Java Edition on a PC, Mac or Linux box, you’ll want to update your game software to the latest version immediately.

There’s a very serious security flaw that could let malicious hackers totally take over your computer. The issue could also affect many other online services, including possibly Steam and Apple iCloud, but we don’t yet know exactly how severe the threat to those other platforms is.

Ideally, you want your Minecraft Java Edition client software to be fully updated to version 1.18.1, released earlier today (Dec. 10). Often, just closing the game and then restarting the launcher will automatically update the game software to the latest version.

“If you play Minecraft: Java Edition, but aren’t hosting your own server, you will need to take the following steps,” said a blog post today on the Minecraft website. “Close all running instances of the game and the Minecraft Launcher. Start the Launcher again — the patched version will download automatically.”

I’d advice you to not play versions of Minecraft earlier than 1.12 right now.December 10, 2021

Players running Minecraft mods based on earlier versions of the Java Edition will have to figure out their own way to version 1.18.1. Administrators of Minecraft servers need to follow specific instructions depending on which server-software version they’re running, as detailed in the Minecraft blog post. Interestingly, versions below 1.7 don’t seem to be affected by this flaw.

Nor does the flaw seem to affect Minecraft Bedrock Edition, aka just Minecraft. That edition is not based on Java and runs on Windows, mobile devices and game consoles. That version is up to 1.18.2.

Generally, if you downloaded your Minecraft software for Windows from the Minecraft website, or you’re using a Mac or Linux box, you’re running the Java Edition.

If you got the Windows version of the game from the Microsoft online store, or you’re playing Minecraft on iOS, Android or a gaming console, then you’re running the Bedrock Edition and you’re not in any danger.

“This exploit is quite severe on Minecraft Java Edition. Anyone can send a chat message which exploits everyone on the server and the server…

Source…

Minecraft Modpacks Carrying Malware Returned to the Play Store Under New Names| TechNadu

June 10, 2021/in Computer Security

The authors of adware-ridden Minecraft modpack apps have found a way into the Play Store again.
The apps now use an extra module that adds more functions like opening app pages or YouTube videos.
Keeping malware outside the Play Store is practically impossible, so users are advised to pick their apps carefully.

Back in November 2020, Kaspersky discovered several fake Minecraft “modpack” apps on the Play Store, which had the sole purpose of infecting unsuspecting users with adware. After the apps were reported to Google and quickly removed, their authors had to return to the drawing board, and according to Kaspersky’s latest report, they did. The malware-ridden apps have returned on the Google Play Store, albeit under new names and themes, and also with some additional hiding tricks under their sleeve.

More specifically, Kaspersky decided to look at the currently available Minecraft modpack apps again and was not surprised to find that many of them were again adware. The addition this time comes in the form of an extra module fetched by the apps after installation, enabling them to carry out more functions. These include hiding their icons, run the browser, play YouTube videos, open Google Play app pages, and more.

Of course, the apps download this module after their installation to evade review-stage rejections and also to secure the granting of risky permissions from the user. As such, this is yet another reminder to pay attention to what is requested from you on the permissions prompt and not just approve anything that is thrown at you.

In addition to the Minecraft mods, which appears to be a pretty risky category, Kaspersky mentions an app named “File Recovery – Recover Deleted Files” v1.1.0, which carries the same adware. The app has been available on the Play Store until late February 2021, so there’s a good chance that a significant number of Android devices still have it. After its removal at that point, the developers uploaded a clean version, number 1.1.1, which isn’t dangerous to use.

More recent examples come in the form of fake Madgicx and fake TikTok ad-management apps, which are basically just phishing Facebook accounts…

Source…

Tag Archive for: Minecraft

Trojan-PSW — Game over