Minecraft players in Japan are being targeted with Chaos ransomware through fake alt lists. The threat actor is encrypting the unsuspecting players’ systems and demanding ransom.
Chaos ransomware here is tuned for finding and encrypting small files. A ransom worth 2,000 yen is being demanded unlocking later. Though after obtaining the decryptor, large files over 2MB are breaking due to improper configuration of the ransomware operation.
Fake Minecraft Alt Lists
Threat actors are always on the lookout for popular points of exploitation. This could be viral news, a trending situation, seasonal sales, or popular games. Unsuspecting people enjoying the time often fall trap of easy tricks in such situations.
Minecraft players in Japan are few among them. As per FortiGuard researchers, the Chaos ransomware group is targeting Minecraft PC players in Japan with fake alt lists, and encrypting their systems for ransom.
Minecraft is played by over 140 million people worldwide, and it’s the best-selling title in Japan, as per Nintendo. And alt lists are so common among the gaming industry, as malicious players use spare accounts for irritating others and performing bannable stunts.
As such alt lists are always in demand, Chaos ransomware cashed on their popularity and made fake alt lists with their ransomware malware injected in them. These malicious executables are distributed in various gaming forums for free, luring unsuspecting players for downloading and installing them.
Once in, the executable will search for files under 2MB to encrypt, and append a string of four random numbers or alphabets to their extension. And for files over 2MB, it injects random bytes into the file for unknown reasons. This causes to break the file even after opening with a proper decryptor.
For obtaining the decryptor, victims are supposed to pay a ransom of 2,000 yen ($17.56) in pre-paid cards, in the manner detailed by the ransomware gang in Readme text placed in the victim’s system.
Other Trending News:- News