50,000 Minecraft Players Fell Victim to Rogue Skins That Would Reformat Hard Drives, Delete System Files [How to Fix]

Rafia Shaikh
minecraft skins malware

Nearly 50,000 Minecraft accounts have been infected with malware that was designed to reformat hard drives and delete backup data and system files. The malware was being distributed via Minecraft skins created in PNG format. Since these modified skins for avatars were uploaded to the official Minecraft site, it was difficult for a player to know if they were actually malicious programs.

The security issue was first reported by Avast Threat Labs when the team discovered user-created Minecraft character skins carrying malware. The team was concerned over how the criminals managed to get these malicious skins on the official Minecraft website. Avast had said that they were working with Mojang, the creators of Minecraft, to work out a way that could detect these legitimately uploaded, but malware-carrying skins.

Related StoryNathan Birch
Minecraft Bans NFTs/Blockchain, Mojang Doesn’t Want “Profiteering” or “Have and Have-Nots”

High success rate due to the popularity of Minecraft

Considering the popularity of this world-building game, the market for Minecraft skins is also quite a world in itself, with tens of thousands of skins created by fans available across several websites. Avast said that since the infected skins were being distributed through the official Minecraft site, warnings of infection could have been taken as an error by users.

"With the malware hosted on the official Minecraft domain, any detection triggered could be misinterpreted by users as a false positive," researchers wrote.

The security firm added that the code wasn't sophisticated and likely didn't come from professionals. However, since the game attracts over 74 million players, even a small percentage of users falling for these infected skins ended up giving criminals quite a long victim list.

Out of these 74 million users, only 50,000 are expected to have been affected. "Despite the low number, the scope for escalation is high given the number of active players globally," the researchers wrote.

Microsoft has now removed the infected skins from the site. "We have addressed this issue and put additional measures in place to protect our community,” a company spokesperson said. "We encourage players to report any suspicious activity to feedback.minecraft.net."

Detection and getting out of the mess

It remains unclear if the company has notified affected users. If you have been using a modified skin, it might be a good time for a full scan of your machine.

One sign that you might have been affected are unusual messages in your account inbox. They'd carry messages like:

“You Are Nailed, Buy A New Computer This Is A Piece Of Sh*t”

“You have maxed your internet usage for a lifetime”

“Your a** got glued”

Apart from this, you might also notice system performance issues caused by a tourstart.exe loop or an error message related to disk formatting.

Along with a full scan, Avast suggested that the "Minecraft application may require reinstallation" and in "extreme circumstances where user machines have already been infected with the malware and systems files have been deleted, data restoration is recommended."

For more details, head over to Avast.

Share this story

Deal of the Day