A new multi-platform Trojan that affects OS X and Windows has been discovered. The threat is a Minecraft password stealer that purports to offer the user additional in-game features. It was found on the Virus Total website. This sort of threat could be placed on a Minecraft forum to entice gamers.
The Java applet, called "Minecraft Hack Kit.jar," tricks the user by offering aggressive in-game features, such as kicking or banning other users, or “ForceOP,” which entails taking over as moderator on a game server.
The Trojan downloads and installs three Java applets from Dropbox:
- minesender.jar (plugin)
- SecCorrect.jar (plugin)
It makes these files invisible to the user and runs them persistently by using the Launch Agents mechanism.
For now, the threat is only stealing Minecraft "lastlogin" passwords and sending the credentials through secure email to the hacker's Hotmail account, but it is able to update and delete itself and its plugins. This may enable the threat to add additional functionality in the future.
Intego VirusBarrier users with up-to-date virus definitions will detect the trojan and its components as Java/Minesteal.A, while NetBarrier detects and warns user of the Java applets’ outgoing connections.