Particle.news

Fake GitHub Minecraft Mods Hijack Player Credentials in Ongoing Malware Campaign

Check Point Research warns more than 500 repositories host multi-stage stealth malware that has evaded antivirus detection.

Overview

  • The campaign has run since March under the Stargazers Ghost Network, a probable Russian-speaking distribution-as-a-service operation on GitHub.
  • Researchers identified about 500 cloned or forked repositories and roughly 70 fake accounts that generated some 700 stars to lend credibility to malicious mods.
  • A concealed Java downloader masquerading as popular cheats fetches a Java-based stealer for Minecraft tokens before deploying a .NET infostealer named 44 CALIBER for wider data theft.
  • 44 CALIBER harvests credentials from web browsers, cryptocurrency wallets, VPN clients and messaging apps while also capturing screenshots and clipboard contents.
  • Up to 1,500 Windows devices may be infected; experts advise downloading mods only from verified community portals and using secondary accounts when testing unfamiliar mods.