(Update) New malicious code causes certain Minecraft players to be at risk of malware

Minecraft players might find themselves at risk from malware that's spreading. According to Avast, 50,000 accounts have fallen victim to malicious code that infects your computer and reformats users' hard drives. Supposedly, this malware isn't complex at all, but the issue is that people were able to upload this virus via Minecraft skins onto the official Minecraft site, where many people go to download skins for their characters. With a playerbase of 75 million, there's a multitude of users who could potentially be affected, although only younger users are more likely to download skins, therefore leaving them the most susceptible to downloading the malware. There's a handful of specific skins, such as the ones above, that have the malware script attached, but it would be the safer option to not download any skins at this time. Claims are being made that if an affected user joins a host that you're on, it can affect you as well and put you at risk, though this is unverified.

Affected users that wound up downloading an infected skin began receiving unusual messages in their inbox on the Mojang site, such as,

“You Are Nailed, Buy A New Computer This Is A Piece Of Sh*t”
“You have maxed your internet usage for a lifetime”
“Your a** got glued”

There's also a variant that can affect "tourstart.exe" on your computer, which causes massive performance issues for your PC, especially on startup. Avast claims that they've protected against over 15,000 threats by removing the harmful software or preventing it from downloading. At the time of writing, the issue has not been resolved, but Mojang is currently working to address this problem.

Edit: The official Minecraft site has responded to the problem and has fixed this issue.

This is now resolved, but we wanted to explain what happened and the measures we’ve put in place to protect our community.

Any Minecraft: Java Edition player can upload their own custom skin in the widely-used PNG file format to our webservice at minecraft.net and this will then appear on their character in-game. PNG files can contain things other than an image, such as metadata, which includes information on what tool created it, when it was made, who made it, etc. This meant that PNG files could be created containing code in this inert part of the skin file. However, this code would not be run or read by the game itself.

While your antivirus software might detect this code and alert you to its presence, the code would not be able to run by itself. Additionally, even if you found the code within the file and chose to run it, your antivirus software should detect and block the attempt.

To further protect our players, however, we deployed an update that strips out all the information from uploaded skin files other than the actual image data itself.

Supposedly, the claims by Avast were false, and the code hidden in the skins couldn't actually be executed, according to Minecraft developers. Regardless, any potential for such a problem to occur with the Java version has been fixed.
 

tech3475

Things like this are why I say you should have an AV of some kind, they're not perfect but then unless you stop using your computer, ‘common sense’ only goes so far and I doubt most people would think of Minecraft and its official site as a source of malware.
 

jimmyj

Seriously? You are here on gbatemp, a console hacking site, and don't understand that there is no such thing as a harmless file and that almost any file type can be used to execute arbitrary code.

Remember, Soundhax is/was just an AAC audio file yet gave full access to the 3DS including its arm9 security chip thus allowing the installation of full blown custom firmware. That's right, full blown custom firmware just by playing a "harmless" music file.

--------------------- MERGED ---------------------------



Or the png file itself contains the malware. After all if you can get full blown custom firmware on a system just by playing a "harmless" sound file then why not? It's not like Microsoft is known for good security.
Calm your fucking tits. I just asked a fucking question
 

Joom

Meanwhile, GBATemp tries to explain malware. This is Mojang's fault for not sanitizing images upon upload. The "hacker" just used a trick older than the internet. This wasn't some complex hack or anything like that. The dude just packed an SFX into a PNG.

Calm your fucking tits. I just asked a fucking question
It's ok, he doesn't know what he's talking about.

Things like this are why I say you should have an AV of some kind, they're not perfect but then unless you stop using your computer, ‘common sense’ only goes so far and I doubt most people would think of Minecraft and its official site as a source of malware.
An AV won't protect against most Batch scripts unless they're already notorious. This kid packed a script into an SFX, then packed it in a PNG using either the CAB tool on Windows, or cat on Linux.
 
Last edited by Joom,

tech3475

Meanwhile, GBATemp tries to explain malware. This is Mojang's fault for not sanitizing images upon upload. The "hacker" just used a trick older than the internet. This wasn't some complex hack or anything like that. The dude just packed an SFX into a PNG.


It's ok, he doesn't know what he's talking about.


An AV won't protect against most Batch scripts unless they're already notorious. This kid packed a script into an SFX, then packed it in a PNG using either the CAB tool on Windows, or cat on Linux.

Re-read the op, particularly the last paragraph.

In this case it did help protect some people.
 

Joom

Re-read the op, particularly the last paragraph.

In this case it did help protect some people.
I read it. This just means that Avast added string heuristics, which are easily bypassed. They're just tooting their own horn to try and draw in more customers for their snake oil.
 