Players who hunt for ‘Alt Lists’ to target other Minecraft gamers are now a potential target for new ransomware. The Chaos gang is encrypting Windows PCs running the insanely popular game, and even destroying locally stored files.
Ransomware operators are now actively going after the gaming community. Video game players, especially those playing Minecraft, are now at risk of losing access to their computers and files.
Chaos Ransomware gangs using weaponized ‘Alt List’ text files to deliver malware:
The video game industry is huge, and hence, a lucrative market, not just for developers and publishers. Malicious code writers regularly offer software that “enhances” a player’s abilities or simplifies gameplay.
It now appears ransomware gangs are exploiting the insane craze about Minecraft to make money by encrypting gamers’ computers. For now, PC gamers using Windows Operating System, and those playing Minecraft, are vulnerable.
Hey @SufyanITRG, look at this ! They crossed the line !
"Chaos ransomware targets gamers via fake Minecraft alt lists"
connected=hacked#cybersecurity #ransomware #minecraft https://t.co/xn2szi5jhA https://t.co/8olPVXmwzk
— tresronours cybersec (@tresronours) October 30, 2021
Minecraft is a popular sandbox video game. More than 140 million people spend hours glued to their devices building cities, skyscrapers, monuments, communities, etc.
According to researchers at FortiGuard, the Chaos ransomware gang is testing a new variant of malware that targets Minecraft players. The malware encrypts the files of players and drops ransom notes asking money to send a decryption key.
Interestingly, the gang attempts to lure players with ‘Alt Lists’. These are essentially plaintext files that should contain stolen Minecraft account credentials. However, in reality, these files contain Chaos ransomware executable.
#FortiGuardLabs discovered a Chaos #ransomware variant targeting Minecraft gamers in Japan that not only encrypts certain files but also destroys others. Our threat analysis shows how this new ransomware variant works: https://t.co/X2amIL33ZI pic.twitter.com/GJfNegO53Z
— FortiGuard Labs (@FortiGuardLabs) October 29, 2021
Alt Files are quite popular in the Minecraft community. Players who wish to troll other gamers without risking their own account, use the Alt Lists. Needless to mention, Minecraft creators and moderators are quick to ban offenders, and hence, the Alt Lists are quite popular.
Spare accounts in Alt Lists are in huge demand, and hence, the Chaos ransomware gang seems to be quite successful in infecting computers running the game.
Ransomware encrypts smaller files and destroys large ones?
The Chaos Ransomware gang’s encryption engine is pretty standard. After successfully infecting a Windows PC, the malware alters file extensions. The group is reportedly demanding 2,000 yen (approx. $17.56) in pre-paid cards.
The malware infecting the Windows PC hunts for files smaller than 2MB and encrypts them. Strangely, if a file is larger than 2MB, the malware injects random bytes into them. This makes larger files unreadable. Concerningly, the files are destroyed, and even the decryption engine fails to recover them.
Minecraft on a school network https://t.co/gDoJbPxzGe #infosec #infosecurity #cybersecurity #threatintel #threatintelligence #hacking #cybernews #cyberattack #threathunting #cloudsecurity #cloudcomputing #malware #ransomware #devops #dfir #cyber
— CyberIQs (@CyberIQs_) October 28, 2021
It is not immediately clear why the Chaos Ransomware gang is destroying large files. Some experts suggest this could be unintentional. The encryption engine could be flawed due to hurried development and haphazard deployment.
It is, however, important to note that ransomware creators are now using Text files. Internet users often ignore the potential threats of such files, and hence, fall victims.