Overview
- The Stargazers Ghost Network, a distribution-as-a-service operation likely run by Russian-speaking actors, has deployed roughly 500 malicious GitHub repositories disguised as Minecraft mods since March 2025.
- When executed, a first-stage Java loader retrieves a stealer that siphons Minecraft account tokens and Discord or Telegram credentials via HTTP POST requests.
- A second-stage .NET infostealer called “44 CALIBER” collects browser passwords, VPN credentials, cryptocurrency wallets, system information and screenshots before exfiltrating data through Discord webhooks.
- Check Point Research estimates the ongoing campaign has compromised over 1,500 Windows devices by evading detection with anti-VM and sandbox checks.
- Players are advised to download mods only from reputable platforms and verified community portals, and to scrutinize GitHub repositories for signs of fake activity (for example, stars and forks from freshly created accounts) before installing anything from them.
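The summary above notes that both stealer stages exfiltrate over HTTP POST and that the second stage uses Discord webhooks. The following Python script is an added example, not code from Check Point Research or from the campaign itself: it shows how a defender could run a simple detection over web-proxy logs, flagging POST requests to Discord webhook URLs that originate from a Java or game process, or that carry an unusually large upload. The log line format, the host and process names, the process-hint list and the webhook IDs/tokens are all constructed assumptions for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed proxy log format (constructed for this example):
# <timestamp> host=<name> proc=<exe> method=<verb> url=<url> bytes_out=<n>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) "
    r"method=(?P<method>\S+) url=(?P<url>\S+) bytes_out=(?P<bytes>\d+)$"
)

# Shape of a Discord webhook endpoint (discord.com / discordapp.com, optional subdomain).
WEBHOOK_RE = re.compile(
    r"^https?://(?:[\w.-]+\.)?discord(?:app)?\.com/api/webhooks/\d+/[\w-]+", re.I
)

# Process-name fragments that have no business posting to a chat webhook on a gaming host.
# Assumed hints for this example, not indicators taken from the report.
SUSPECT_PROCESS_HINTS = ("java", "javaw", "minecraft", "dotnet")


@dataclass
class Alert:
    ts: str
    host: str
    process: str
    url: str
    bytes_out: int
    reason: str


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one log line; return None for lines that do not match the assumed format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def score_event(ev: Dict[str, str], large_post_bytes: int = 50_000) -> Optional[Alert]:
    """Flag a POST to a Discord webhook if it comes from a suspect process or is large."""
    if ev["method"].upper() != "POST" or not WEBHOOK_RE.match(ev["url"]):
        return None
    reasons: List[str] = []
    proc = ev["proc"].lower()
    if any(hint in proc for hint in SUSPECT_PROCESS_HINTS):
        reasons.append("webhook POST from Java/.NET runtime or game process")
    if int(ev["bytes"]) >= large_post_bytes:
        reasons.append(f"large upload ({ev['bytes']} bytes) to webhook")
    if not reasons:
        return None  # ordinary small webhook post from an unremarkable process
    return Alert(ev["ts"], ev["host"], ev["proc"], ev["url"], int(ev["bytes"]), "; ".join(reasons))


def detect(lines) -> List[Alert]:
    """Run the scoring over an iterable of log lines, skipping malformed ones."""
    alerts: List[Alert] = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # do not let one bad line abort the whole sweep
        alert = score_event(ev)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample log: hosts, processes, webhook IDs and tokens are all made up.
SAMPLE_LOG = [
    "2025-06-01T12:00:01Z host=GAMEPC-01 proc=javaw.exe method=POST "
    "url=https://discord.com/api/webhooks/123456789012345678/AbCdEf-ghIJk bytes_out=12480",
    "2025-06-01T12:00:05Z host=GAMEPC-01 proc=chrome.exe method=POST "
    "url=https://discord.com/api/webhooks/123456789012345678/AbCdEf-ghIJk bytes_out=640",
    "2025-06-01T12:01:10Z host=GAMEPC-02 proc=SkinChanger.exe method=POST "
    "url=https://canary.discordapp.com/api/webhooks/222222222222222222/zzZZ-yy bytes_out=310000",
    "2025-06-01T12:02:00Z host=GAMEPC-02 proc=javaw.exe method=GET "
    "url=https://mods.example.invalid/fancy-mod.jar bytes_out=0",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.ts} {a.host} {a.process} -> {a.url} ({a.bytes_out} bytes): {a.reason}")
```

Running the script against the constructed sample yields two alerts: the Java process posting to a webhook, and the unknown executable uploading roughly 300 KB (the screenshot-sized payload a stealer would send). The browser's small webhook post is left alone, as is the GET that fetches a mod file. In a real deployment the size threshold and the process-hint list should be tuned to the environment; a Discord client posting to its own API is normal, a game runtime posting to a webhook is not.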