
Daily Security Review

Over 1,500 Minecraft Users Infected in Stargazers Ghost Malware Campaign

20 Jun 2025

Description

A malware distribution network hiding in plain sight — on GitHub.

This episode unpacks the Stargazers Ghost Network, a massive Distribution-as-a-Service (DaaS) infrastructure run by a threat actor known as Stargazer Goblin. Using over 3,000 GitHub accounts, this operation pushes dangerous information-stealing malware disguised as legitimate game mods and cracked software, particularly targeting communities like Minecraft players.

At the center of the campaign are well-known infostealers such as Atlantida, Rhadamanthys, RisePro, Lumma, and RedLine. The delivery mechanism? Sophisticated Java-based loaders, GitHub phishing repositories, and links embedded across platforms like Twitch, TikTok, YouTube, and Discord.

Key insights we explore:

🎯 Targeted deception: Modded Minecraft downloads hiding Java loaders that drop multiple stealers
💸 Financial motivation: An estimated $100,000 earned by Stargazer Goblin through stolen data
🧠 Social engineering: Repository stars, forks, and watchers used to appear trustworthy
🧪 Anti-analysis: Malware designed to evade detection with anti-VM and anti-sandbox techniques
🔐 Data exfiltration: Passwords, cookies, crypto wallets, VPN credentials, Discord tokens, and more
🌍 Attribution: Russian-language artifacts and UTC+3 activity suggest a Russian-based operator

We also explore how GitHub’s platform was exploited, the use of password-protected archives to bypass scans, and the tiered account structure that allows malicious repositories to reappear even after bans.

With GitHub being abused at this scale — and over 1,500 Minecraft users already infected — this case is a wake-up call for both platforms and end users. The combination of malware-as-a-service (MaaS) and DaaS delivery is lowering the bar for cybercriminals and increasing the risk for everyone online.

#StargazersGhost #GitHubMalware #Infostealers #StargazerGoblin #MinecraftMalware #RedLine #Rhadamanthys #LummaStealer #AtlantidaStealer #JavaMalware #MalwareCampaign #CybersecurityPodcast #DaaS #MaaS #InfoSec #GamingCyberThreats #DiscordMalware
