Malware has hit nearly 50 000 Minecraft players, designed to reformat hard-drives and delete backup data and system programs. Antivirus software Avast’s data from the past 30 days identifies the virus as the malicious Powershell script. The threat uses Minecraft skin .PNG files uploaded to minecraft.net to spread onto computers. After infecting the computer, the virus will send a message to users accounts, such as “You Are Nailed, Buy A New Computer This Is A Piece Of Sh*t”, “You have maxed your internet usage for a lifetime” or “Your a** got glued”. Infected users can also receive error messages related to disk formatting or a tourstart.exe loop that hurts system performance.
How did such a serious virus affect so many people?
The most worrying thing about this virus isn’t what it does, but that it could do it at all. Avast describes the malware’s code as “unimpressive” and believe it was made with a simple step by step guide. As those responsible are clearly amateurs and not professionals, their motives are less criminal and more malicious mischief. Avast believes these “script-kiddies” wanted to troll Minecraft players and expose a flaw in Mojang’s system.
Therefore, this flaw in Mojang’s system is the more distressing aspect of this virus. Unsuspecting users downloaded these skins from the official Minecraft domain. Not only did malware penetrate Mojang’s security, but minecraft.net officially endorsed it like any other skin. While 74 million players around the globe play Minecraft, it is a smaller number who use custom skins. Despite this, Avast still blocked 14,500 infection attempts over 10 days.
Minecraft is overwhelmingly popular, including casual PC users and children who don’t understand viruses. However, minecraft.net’s endorsement of infected skin doesn’t just fool users. Having a virus come from an official internet source means the skins also fool antivirus software. Here’s the url that hosts one of the malware infected skins,
What’s the best way to detect and prevent infection?
For computers already infected, restoration from a backup is unfortunately the only option. However, now that the Minecraft community is aware of the malware, they can combat it. Firstly, Mojang has said they are working to fix the vulnerability in their system. They did not estimate how long this would take. If users have downloaded skins recently, check them for malware with a virus scan. Here are some examples of infected skins,
For the time being, avoid unverified skins. If users do download skins be careful as antivirus software can mistake minecraft.net verification as a false positive. The safest option is to install Avast’s own free software, even if it’s just temporarily. This is because they have the most recent registry and have been effective at detecting the virus. To be extra safe, users should backup their PCs.