Aggregator
Minecraft Players Hit by Stargazers Malware: Hackers Abuse the Modding Ecosystem and GitHub to Steal Credentials
A large-scale malware campaign is specifically targeting Minecraft players, using malicious mods and deceptive tactics to infect Windows devices and steal credentials, authentication tokens and cryptocurrency wallets with information stealers.
The campaign, discovered by Check Point Research, is run by the Stargazers Ghost Network and abuses Minecraft's massive modding ecosystem and legitimate services such as GitHub to reach a large pool of potential targets.
Check Point saw thousands of views or clicks on the Pastebin links the threat actors use to deliver the payload to targeted devices, so the campaign's reach is broad.
Stealthy Minecraft malware
The Stargazers Ghost Network is a distribution-as-a-service (DaaS) operation that has been active on GitHub since last year; Check Point first documented it in a campaign involving 3,000 accounts spreading false information.
The same operation, propped up by fake GitHub stars, was observed infecting more than 17,000 systems in late 2024 with a new Godot-based malware.
The latest campaign, described by Check Point researchers Jaromír Hořejší and Antonis Terefos, targets Minecraft with Java malware that evades detection by every antivirus engine.
The researchers found multiple GitHub repositories run by Stargazers posing as Minecraft mods and cheat tools such as Skyblock Extras, Polar Client, FunnyMap, Oringo and Taunahi.
Antonis Terefos said roughly 500 GitHub repositories, including forks or copies, have been identified so far as part of the operation targeting Minecraft players. Around 700 stars generated by about 70 accounts were also observed.
Four of the repositories involved in this operation
Once executed inside Minecraft, the first-stage JAR loader downloads the next stage from Pastebin using a base64-encoded URL, fetching a Java-based stealer.
This stealer targets Minecraft account tokens and user data from the Minecraft launcher and popular third-party launchers such as Feather, Lunar and Essential.
It also attempts to steal Discord and Telegram account tokens, sending the stolen data to the attacker's server via HTTP POST requests.
The Java stealer also acts as a loader for the next stage, a .NET-based stealer named "44 CALIBER", a more "traditional" information stealer that tries to steal information stored in web browsers, VPN account data, cryptocurrency wallets, Steam, Discord and other applications.
Overview of the infection chain
44 CALIBER also collects system information and clipboard data and can capture screenshots of the victim's computer.
"After deobfuscation, we can observe that it steals various credentials from browsers (Chromium, Edge, Firefox), files (Desktop, Documents, %USERPROFILE%/Source), cryptocurrency wallets (Armory, AtomicWallet, bitcoore, Bytecoin, DashCore, Electrum, Ethereum, LitecoinCore, Monero, Exodus, Zcash, Jaxx), VPNs (ProtonVPN, OpenVPN, NordVPN), Steam, Discord, FileZilla, Telegram," the researchers said.
The stolen data is exfiltrated through Discord webhooks and accompanied by Russian-language comments. This clue, combined with UTC+3 commit timestamps, suggests the campaign's operators are Russian.
Check Point shared the full list of indicators of compromise (IoCs) at the bottom of its report to help detect and block the threat.
To stay safe, Minecraft players should download mods only from reputable platforms and verified community portals. If prompted to download from GitHub, check the number of stars, forks and contributors, scrutinize the commits for signs of fake activity, and review recent activity on the repository. Finally, it is prudent to use a separate "burner" Minecraft account when testing mods and to avoid logging in with a main account.
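The first-stage loader described above hides its Pastebin URL as a base64 string inside a mod JAR, and the later stages talk to Discord webhooks. The following scanner, an added example that is not Check Point's or the article's code, walks every entry of a JAR, decodes long base64 runs and flags those that turn out to be URLs on such staging or exfiltration hosts; the host list and the constructed sample JAR are this example's own assumptions.

```python
import base64, binascii, io, re, zipfile

# Long runs of base64 alphabet; anything shorter cannot hold a URL.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{20,}={0,2}")
# Hosts named in the article; which hosts to flag is this example's assumption.
SUSPICIOUS_HOSTS = ("pastebin.com", "discord.com/api/webhooks", "discordapp.com/api/webhooks")


def decoded_urls(blob: bytes) -> list[str]:
    """Return each base64 run in blob that decodes to a URL on a flagged host."""
    hits = []
    for match in B64_RUN.finditer(blob):
        token = match.group(0)
        token += b"=" * (-len(token) % 4)  # tolerate stripped padding
        try:
            text = base64.b64decode(token, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # alphabet-looking bytes that are not an encoded string
        lowered = text.lower()
        if lowered.startswith(("http://", "https://")) and any(h in lowered for h in SUSPICIOUS_HOSTS):
            hits.append(text)
    return hits


def scan_jar(jar_bytes: bytes) -> list[tuple[str, str]]:
    """Scan every entry of a JAR (a zip archive); report (entry name, decoded URL) pairs.
    A run that absorbs neighbouring alphabet bytes decodes mis-aligned and is missed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            for url in decoded_urls(jar.read(name)):
                findings.append((name, url))
    return findings


def build_sample_jar() -> bytes:
    """Constructed sample, not the real loader: one entry hides a base64 Pastebin URL."""
    staged = b"https://pastebin.com/raw/PLACEHOLDER"  # placeholder path, not a real paste
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        # class-file magic followed by the encoded URL, as a string constant would sit
        jar.writestr("mod/Loader.class", b"\xca\xfe\xba\xbe" + base64.b64encode(staged))
        jar.writestr("assets/lang.txt", base64.b64encode(b"just a resource string here"))
    return buf.getvalue()


if __name__ == "__main__":
    for entry, url in scan_jar(build_sample_jar()):
        print(f"{entry}: base64-encoded URL -> {url}")
```

Run it against the contents of a downloaded mod's JAR file before loading it; a hit is a reason to inspect the mod further, not proof of compromise, since legitimate mods occasionally embed URLs too.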
Why sunlight evaporates water so efficiently
CVE-2014-9179 | SupportEzzy Ticket System 1.2.5 cross site scripting (File 129103/Wor / EDB-35218)
US Warns of Iranian Cyberattacks After Airstrikes: Truth Social Hit, Infrastructure at Risk
The United States has issued a warning regarding potential cyberattacks from pro-Iranian groups following a series of airstrikes on Iran’s nuclear facilities—strikes that have escalated into an armed conflict between Iran and Israel, which...
The post US Warns of Iranian Cyberattacks After Airstrikes: Truth Social Hit, Infrastructure at Risk appeared first on Penetration Testing Tools.
Crypto Black Markets Rebound: Telegram’s Purge Fails as Money Laundering Hubs Resurface
In May, Telegram launched what appeared to be a decisive strike against the shadowy Chinese-speaking underworld of cryptocurrency fraud by blocking its largest marketplaces—platforms rife with services for money laundering, the trade of stolen...
The post Crypto Black Markets Rebound: Telegram’s Purge Fails as Money Laundering Hubs Resurface appeared first on Penetration Testing Tools.
Security operations position (in plain terms: hiring for a long-term on-site placement)
Securonis Linux: The Ultimate Privacy OS That Routes All Your Traffic Through Tor by Default
Users weary of pervasive surveillance and incessant advertising have long sought ways to reclaim a measure of control over their digital lives. Yet one must ask—what assurance exists that the latest privacy solution is...
The post Securonis Linux: The Ultimate Privacy OS That Routes All Your Traffic Through Tor by Default appeared first on Penetration Testing Tools.
Salt Typhoon Strikes Canada: China-Linked APT Breaches Telecom, Exploits Cisco Routers for Espionage
A large-scale cyber-espionage campaign has been uncovered in Canada, reportedly orchestrated by a threat group known as Salt Typhoon, which authorities believe is linked to China. The operation was disclosed in a joint advisory...
The post Salt Typhoon Strikes Canada: China-Linked APT Breaches Telecom, Exploits Cisco Routers for Espionage appeared first on Penetration Testing Tools.
CVE-2025-6582 | SourceCodester Best Salon Management System 1.0 edit-customer-detailed.php editid sql injection (EUVD-2025-19078)
CVE-2025-6583 | SourceCodester Best Salon Management System 1.0 /view-appointment.php viewid sql injection (EUVD-2025-19077)
CVE-2025-6581 | SourceCodester Best Salon Management System 1.0 /add-customer.php sql injection (EUVD-2025-19076)
WinRAR Flaw (CVE-2025-6218): Remote Code Execution via Directory Traversal, Patch Available!
Trend Micro recently received a confidential report from a security researcher disclosing a critical vulnerability in WinRAR version 7.11 and earlier. This high-risk flaw allows threat actors to execute arbitrary code by crafting malicious...
The post WinRAR Flaw (CVE-2025-6218): Remote Code Execution via Directory Traversal, Patch Available! appeared first on Penetration Testing Tools.
CVE-2013-3153 | Microsoft Internet Explorer 6/7/8/9/10 code injection (ms13-jul / MS13-JUL)
Windows 10 Endgame: Microsoft Launches Paid and Free ESU Options Before 2025 Deadline
As support for Windows 10 is scheduled to end on October 14, 2025, Microsoft has introduced a paid Extended Security Updates (ESU) program for individuals and organizations unable to transition to Windows 11. Through...
The post Windows 10 Endgame: Microsoft Launches Paid and Free ESU Options Before 2025 Deadline appeared first on Penetration Testing Tools.