Approximately 50,000 Minecraft players have been exposed to a malicious code in skins that can be downloaded directly from the Minecraft website.
The malware that has been infecting players computers can come from several skins, including the three pictured below, and the malware is a Powershell script. The script is designed to reformat hard drives, delete programs and backup data, as reported by Avast in a post on April 17th, 2018.
Avast highlights the major issue with the malicious code by saying, "The malicious code is largely unimpressive and can be found on sites that provide step-by-step instructions on how to create viruses with Notepad. While it is fair to assume that those responsible are not professional cybercriminals, the bigger concern is why the infected skins could be legitimately uploaded to the Minecraft website. With the malware hosted on the official Minecraft domain, any detection triggered could be misinterpreted by users as a false positive."
Avast has additionally reached out to Mojang, who has said they are working on a fix for the issue.
The major issue with this malicious code is the sheer size of the Minecraft player base, and the location of the infected skins. While the majority of players use the general skins in the game, there are many that want to customize their character in a way that they want to! These skins are found on the game's website, meaning that players are not finding this from a third party website.
The best way to avoid being infected? Do not download any skins from the Minecraft website until Mojang states that they have solved the issues and stopped the threat.
If players have downloaded skins from the Minecraft website and aren't sure if they've been affected, three of the infected skins are pictured above. If players think they may have been affected, Avast says that players may be affected if they have noticed these events happening on their computers:
“You Are Nailed, Buy A New Computer This Is A Piece Of Sh*t”“You have maxed your internet usage for a lifetime”“Your a** got glued"
Other evidence of infection includes system performance issues caused by a simple tourstart.exe loop or an error message related to disk formatting."
Ideally Minecraft will have this threat rectified as soon as possible, but until then, players should make sure they are diligent with their downloads.