How the Malware Works

Malicious code can be hidden in a lot of surprising places! This particular malware was hidden away within the metadata for a PNG file. Metadata is usually used to give more information on a picture; for example, photos can contain information related to it, such as the date it was taken. Metadata can also be tweaked by malicious users to include code that can do harm to computers. In this Minecraft malware case, the culprit laced Minecraft skins with malicious code within the metadata of the Minecraft skins. This code will send strange and obscene messages to the user’s account inbox before wiping the hard drive.

What made this attack particularly successful is that the user managed to get the skins uploaded onto big distribution sites. From there, users downloaded the skins and uploaded them to the game where the skins were hosted on an official Minecraft texture server without an issue. This then meant the malware could do its job without a problem.

How to Beat It

Thankfully, this kind of attack isn’t too complicated or intricate. As the author of the Avast antivirus report on the malware states: “The malicious code is largely unimpressive and can be found on sites that provide step-by-step instructions on how to create viruses with Notepad.” The avatars that were uploaded to the main site have since been deleted, and the game has been edited to strip unnecessary metadata from avatars. People who have downloaded the avatars or uploaded them before the patch, however, might still be infected. Avast published a picture of the following skins which were confirmed to be infected with the malware.

If you downloaded and used an infected skin, you may see strange and crude messages appearing in your inbox, notifying you that “You have maxed your Internet usage for a lifetime” or that “You are nailed.” You may also experience issues such as poor system performance due to a process loop or error messages appearing. If you see these, it’s best to update your antivirus immediately and do a scan to fix the issue, After, you may need to reinstall Minecraft in order to get it back into working condition. If the malware has already performed its primary function and harmed the system files, you may need to restore the data and repair the operating system to the best of your ability. Moving forward, it’s a good idea to only download skins from trusted sources that have been uploaded for a long period of time. If you download a skin and your antivirus claims it’s malware, don’t automatically assume it’s a false positive. There’s a very real chance the skin you just grabbed has something nasty lurking within!

Minecraft Maladies

With people wising up on common malware distribution tactics, malicious users are always finding new ways to sneak malware onto the computers of unsuspecting victims. Now you know how Minecraft came under attack, how to cure the problem if you were infected, and how to stop a future attack. Does this make you more wary of downloading files from the Internet? Or is this simply par for the course of what we’ve seen in the past? Let us know below.