Keylogger found in Minecraft plugin

Keylogger found in Minecraft plugin

MineCash, a Minecraft plugin, has attracted the ire of Minecraft fans after it was discovered to have a hidden trojan inside. This came to light after a reddit post gained over 1000 upvotes. It was incorrectly titled a keylogger, when infact it is a trojan. It is installed a plugin and takes your information from the login boxes and sends it to the website mentioned in the image.

The text on the image, in Polish, is translated to "reading the saved password and sending it to a www website". But anyone with any technical skill and knowledge can guess what this nefarious program does. Later on, people investigated more and discovered that the website only has one file on the website. However, let's not take this lightly. Security is always a serious thing. For one, this could be a static webpage tricking the viewers into thinking there is one webpage. And secondly, even if you didn't download this plugin, still learn how to make your Minecraft account (or any account for that matter) more secure.

I keep saying this and I'll say it here again.

Any mod, launcher, or 3rd party tool that you use is capable of:

  • Stealing your username/password for them to sell it later
  • Stealing other personal details on your computer
  • Corrupting things on your computer; your save games for minecraft or other more important things.
  • Pretty much anything that you can do, but in secret.

There is absolutely no way to prevent it. It's just a fact. Whether or not it's a sketchy mod on freeminecraftmods4u.ko or a very famous and popular mod from minecraftforum.net, they are both as capable of doing bad things.

Short url : http://crafthub.net/blog/ZT/

Pingbacks are open.