Minecraft Japanese gamers hit by Chaos ransomware using alt lists as lure - Security Affairs

Chaos ransomware operators target gamers’ Windows devices, using Minecraft Alt lists as a lure and promoting them in game forums.

Minecraft is one of the most popular games in the world; it had more than 140 million active players in August 2021. Cybercriminals are trying to take advantage of this popularity: the Chaos ransomware gang is targeting the Windows devices of Japanese gamers using fake Minecraft Alt lists promoted in game forums.

FortiGuard Labs researchers who reported the attacks noticed that the ransomware version used in them not only encrypts some files but also destroys others.

“FortiGuard Labs recently discovered a version of the Chaos ransomware which seems to be aimed at Minecraft players in Japan. This version not only encrypts some files but also destroys others, making them unrecoverable. If gamers fall prey to an attack, the choice to pay the ransom can still lead to data loss. In this report we will review how this new ransomware version works,” reads the analysis posted by the experts.

Alternative accounts, called ‘Alts’, are created by Minecraft gamers for various purposes, such as resisting / trolling other players, providing an alternate identity / personality in the game, or avoiding having their main account blocked due to the use of cheats.

Shared Alt lists in Minecraft online forums often contain stolen accounts used by gamers for the above purposes.

The version of the Chaos ransomware detected by the researchers was hidden in a file purporting to contain a list of “Minecraft Alt” accounts.

“In this case, the file is an executable file, but it uses a text icon to trick potential victims into thinking it’s a full text file with usernames and passwords compromised for Minecraft. Although we do not know how this specific fake list is distributed, it’s a safe guess. Japanese.” Fortinet continues.

Upon opening the executable file, the malware executes and searches the compromised computer for files smaller than 2,117,152 bytes to encrypt them. The ransomware adds four random characters, selected from “abcdefghijklmnopqrstuvwxyz1234567890”, to the file name of the encrypted files.

Files larger than 2,117,152 bytes with specified file extensions are filled with random bytes, making them impossible to recover even if the ransom is paid. Like other ransomware, this version of Chaos deletes shadow copies from the compromised machines.
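The indicators described above (the four-character addition to file names, the 2,117,152-byte threshold and the ReadMe.txt note) can drive a post-incident triage pass that separates files worth keeping for possible decryption from files that must come from backup. The Python sketch below is an added example, not code from Fortinet or from this article; it assumes the four characters are appended as a final extension, that overwritten files are renamed the same way and keep roughly their original size, and it runs on a constructed sample tree.

```python
import math
import os
import re
import tempfile

SIZE_THRESHOLD = 2_117_152   # byte threshold reported in the article
NOTE_NAME = "readme.txt"     # ransom note name from the article, lowercased
# An existing extension followed by four characters from the article's alphabet.
SUFFIX_RE = re.compile(r"^(.+\.[A-Za-z0-9]{1,5})\.([a-z0-9]{4})$")

def entropy(data: bytes) -> float:  # Shannon entropy in bits per byte (random ~ 8)
    probs = [data.count(bytes([b])) / len(data) for b in set(data)]
    return -sum(p * math.log2(p) for p in probs)

def triage(root: str, min_entropy: float = 7.5) -> list[dict]:
    """Flag files that match the reported rename pattern and look random."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        note_here = any(f.lower() == NOTE_NAME for f in files)
        for name in sorted(files):
            m = SUFFIX_RE.match(name)
            if not m:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                if entropy(fh.read(65536)) < min_entropy:
                    continue  # right shape, ordinary content (e.g. app.log.conf)
            # Assumption: overwritten files get the same suffix and keep their size.
            big = os.path.getsize(path) > SIZE_THRESHOLD
            findings.append({"path": path, "original_name": m.group(1),
                             "ransom_note_in_dir": note_here,
                             "outlook": "overwritten" if big else "encrypted"})
    return findings

def build_sample(root: str) -> None:
    """Constructed sample tree; none of these files come from a real incident."""
    samples = {
        "alts.txt.x9k2": os.urandom(65536),                # small, random-looking
        "world.zip.q7m1": os.urandom(SIZE_THRESHOLD + 1),  # above the threshold
        "app.log.conf": b"level=info\n" * 500,             # benign look-alike
        "ReadMe.txt": b"constructed placeholder note\n",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*triage(tmp), sep="\n")
```

Legitimately compressed files whose final extension happens to be four lowercase characters can pass both the name and entropy checks, so findings are candidates to confirm against backups rather than a verdict.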

The group demands 2,000 yen worth of bitcoin (~$17.56) or prepaid cards.

The ransom note (ReadMe.txt) placed on infected systems does not specify what type of prepaid card can be used to pay the ransom; all kinds of prepaid cards (online shopping, games, music, mobile phone payment and online streaming services) should be fine.

The ransom note, written in Japanese, also states that the attacker can only be reached on Saturdays and apologizes for the inconvenience caused.

“There’s nothing fancy about this version of Chaos’s ransomware nor its pollution vector. However, despite the cheap demand for ransomware, its ability to destroy data and make it unrecoverable makes it more than just a prank to upset Japanese Minecraft gamers. Ransomware is still there. Ransomware, and in this case, the victim may not be able to return his original files, with or without making a ransom payment.” Fortinet concludes. “The best advice is for players to stay away from suspicious cheat sites and just enjoy the game as it is meant to be played.”


Pierluigi Paganini

(Security Affairs: hacking, Minecraft)





