50,000 gamers infected with malware after downloading Minecraft skins

Malicious code uploaded onto the official Minecraft website

Minecraft players infected with malware

Around 50k Minecraft players were exposed to malware after it was uploaded onto the game's official website. The virus is capable of destroying backup data and system programs, and of wiping hard drives. The malicious code was added to downloadable Minecraft skins, which are typically used to change the appearance of the in-game character.

The main symptom caused by this malware is a clear system slowdown. In this case, you should check your Task Manager for the process called tourstart.exe. Additionally, victims can get error messages regarding formatting of their hard drive and insulting messages, such as:

You Are Nailed, Buy A New Computer This Is A Piece Of Sh*t
You have maxed your internet usage for a lifetime
Your a** got glued

According to Avast malware researchers, the virus relies on a PowerShell[1] script, which suggests that it was not designed by a professional hacker. Most likely, it was the work of an amateur IT enthusiast seeking to annoy Minecraft players and disrupt their gaming. Nevertheless, the malware can be stopped and deleted by up-to-date security software.

Even though the virus is amateur, that does not change the fact that someone managed to upload malware onto the official Minecraft server, which is very concerning. Minecraft has a player base of 74 million[2] people, and 43% of those players are between 15 and 21 years old – this group is the most susceptible to the attack.

Security concerns

The skins that were infected with malware look quite unusual: a yellow full-body suit, colorful disco wear and something resembling a deep-sea diver outfit. Maybe because of that, as many as 50,000 people decided to download them. Nevertheless, Avast security experts reported[3] blocking 14,500 infection attempts in the past ten days.

Even if security software can recognize malware, the fact that skins were downloaded from the official website might stop users from deleting the malicious file. Thus, it makes the infection even more dangerous.

Mojang came up with the solution

Mojang has already issued an official report[4] regarding this issue involving Minecraft players. The company apologizes that any player had been able to upload a skin in PNG format. Unfortunately, these files could contain things other than images, including malicious code. However, Minecraft developers took a step further and updated their security procedures:

To further protect our players, however, we deployed an update that strips out all the information from uploaded skin files other than the actual image data itself.

Security experts advise players to stay safe by not downloading any modified skins from the official website. Those who have already been affected by the malware should scan their machines with reputable security software and eliminate the threat. If the virus has already damaged your PC, it might be necessary to restore data from a backup,[5] as well as reinstall the Minecraft game.

About the author
Olivia Morelli - Ransomware analyst

Olivia Morelli is News Editor at 2-Spyware.com. She covers topics such as computer protection, latest malware trends, software vulnerabilities, data breaches, and more.
