More than 1,500 Minecraft players were infected with information stealing malware after being faked game modules hosted on GitHub.

Security researchers pointed out that a Russian-speaking hacker group identified as the Stargazers Ghost Network bundles undetected cheating software with Java and .NET stealing programs, and automatically transmits data once the game starts.

The attack stole browser passwords, cryptocurrency wallet content and Discord authentication tokens from the victim's system.While the malicious code base has been offline, investigators warn that similar scams targeting popular game mod platforms may make a comeback, calling on players to get modules from trusted sources and keep security protections up to date.

Security analysis shows that these fake modules disguised as popular Minecraft feature extensions, such as high-definition material packages, automation tools or special bio modules, are attracted by tags such as "free" and "exclusive" on GitHub.The attackers even forged user reviews and star counts to improve credibility.When the player installs it, the malicious code will first load the game content normally and reduce its vigilance, and then establish a persistent connection in the background to continuously steal sensitive system information.