Minecraft is the best-selling game of all time, and part of its charm is the number of mods you can install to customize your gameplay. From additional types of games, such as Pixelmon, to making the digital Minecraft world look as realistic as the real world! However, you have to first download and install these mods into your game files. Unfortunately, a recent discovery reveals that some modifications are doing more than tweaking visuals or gameplay. They’re silently hijacking personal data.
A Hidden Threat Behind Familiar Files
A malware campaign known as the Stargazers Ghost Network has quietly infected hundreds of GitHub repositories since March 2025. These fake Minecraft mods appeared convincing, complete with polished descriptions and high star counts, tricking even experienced users into downloading them. But instead of enhancing gameplay, the files delivered malicious Java loaders designed to compromise personal devices.
Once active, these loaders installed stealthy secondary payloads that targeted sensitive information. Victims had their Minecraft credentials, Discord sessions, and even cryptocurrency wallets harvested without warning. The final stage involved a powerful .NET-based malware called 44 CALIBER, which dug through browsers, VPNs, and local files before leaking the stolen data through Discord webhooks.
What made these attacks especially deceptive was their sophistication. Fake popularity metrics on GitHub gave users a false sense of security, while the malware remained virtually undetectable during initial use. By the time players noticed anything wrong, their data was already gone.
Why Minecraft’s Modding Community Became a Prime Target
The keyword Minecraft mods might suggest a niche interest, but in reality, the community sees over 200 million active players each month. That kind of volume makes it a natural target for cybercriminals, especially when many players are teens and young adults who might be less cautious about downloading third-party content.
The growing use of GitHub for sharing mods has only expanded the attack surface. Developers often turn to the platform for its flexibility and reach. However, the content shared on GitHub doesn’t have to go through strict vetting or moderation. This is exactly the reason why it’s become a backdoor for malicious actors.
How to protect yourself from these mods
You can’t protect yourself 100% from getting infected with this type of malware if you download third party software. However, there are ways you can minimize your chances. For example, you can always use trusted platforms like CurseForge. This platform offers basic protections on the mods you download through their platform. These safety measures make them a safer choice for users looking to explore mods without compromising their security.
