Security firm Avast said it discovered malware lingering in several downloadable Minecraft skins, and that nearly 50,000 accounts have already been infected. While not particularly sophisticated in nature, the malware is designed to reformat hard drives, delete backup data, and remove system programs.
According to Avast, the underlying code of the malware strain is "largely unimpressive and can be found on sites that provide step-by-step instructions on how to create viruses with Notepad." What's concerning, however, is that the infected skins can be legitimately uploaded to the Minecraft website.
In other words, these aren't necessarily skins that are found on third-party sites. Furthermore, since they're downloadable from Minecraft's official domain, some users might dismiss accompanying security warnings as a false positive.
Users should always take security warnings seriously, of course, but for malware writers it's simply a numbers game. As of the beginning of the year, Minecraft had 74 million players around the world, which is a jump of around 20 million players year-over-year.
"Most players use the default versions provided by Minecraft. This explains the low registration of infections. Over the course of 10 days, we’ve blocked 14,500 infection attempts. Despite the low number, the scope for escalation is high given the number of active players globally," Avast says.
The image at the top of this article shows three examples of Minecraft skins that are infected with malicious code. If you've downloaded one, you should run an antivirus scan right away.
Not all skins contain malware, though. The ones that do may give themselves away through one of several symptoms, including reduced system performance caused by a tourstart.exe loop or an error message related to disk formatting. Infected systems might also see trolling messages, such as "You Are Nailed, Buy A New Computer This Is A Piece Of Shit" or "Your ass got glued."
Obviously this is a self-serving warning on the part of Avast, which offers both free and paid antivirus solutions. Still, the fact that Minecraft is hosting malicious skins is concerning. The good news is Mojang is aware of the issue and is working on fixing the vulnerability that makes this particular malware possible.
A spokesperson for Microsoft provided us with the following statement via email:
"We have addressed this issue and put additional measures in place to protect our community. We encourage players to report any suspicious activity to feedback.minecraft.net."
Minecraft's developers provided some further insight in a blog post today, saying that even though PNG files, and by extension Minecraft's skins, could contain additional code, "the code would not be run or read by the game itself" (bolded for emphasis by Mojang).
It seems Avast overstated the issue, given that Minecraft wouldn't actually execute any malware contained in its skins. Nevertheless, Mojang is erring on the side of caution.
"To further protect our players, however, we deployed an update that strips out all the information from uploaded skin files other than the actual image data itself," Mojang said.
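The kind of stripping Mojang describes can be sketched as a PNG chunk allowlist. This is an added example, not Mojang's code: the set of chunks kept and the function names are assumptions, and the sample file is constructed inline.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Assumption: chunks needed to render the image; everything else is dropped.
KEEP = {b"IHDR", b"PLTE", b"tRNS", b"IDAT", b"IEND"}


def make_chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def sanitize_png(blob: bytes):
    """Return (clean PNG, list of what was removed); ValueError if malformed."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    out, dropped, pos = [PNG_SIG], [], len(PNG_SIG)
    while True:
        if pos + 12 > len(blob):
            raise ValueError("truncated chunk or missing IEND")
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length
        if end > len(blob):
            raise ValueError("chunk length exceeds file size")
        data = blob[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", blob[end - 4:end])
        if crc != zlib.crc32(ctype + data) & 0xFFFFFFFF:
            raise ValueError("bad CRC in chunk %r" % ctype)
        if ctype in KEEP:
            out.append(make_chunk(ctype, data))
        else:
            dropped.append(ctype.decode("latin-1"))  # ancillary chunk
        pos = end
        if ctype == b"IEND":
            break
    if pos < len(blob):  # bytes appended after the image ends
        dropped.append("trailing:%d bytes" % (len(blob) - pos))
    return b"".join(out), dropped


def constructed_sample() -> bytes:
    """Constructed 1x1 RGBA PNG with a tEXt chunk and bytes after IEND."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 6, 0, 0, 0)
    idat = zlib.compress(b"\x00" + b"\xff\x00\x00\xff")  # filter byte + pixel
    return (PNG_SIG + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"tEXt", b"Comment\x00constructed extra data")
            + make_chunk(b"IDAT", idat) + make_chunk(b"IEND", b"")
            + b"constructed trailing bytes")
```

Re-running `sanitize_png` on its own output should report nothing removed, which makes it usable as an upload-time check as well as a cleaner.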