{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Daily Security Review","title":"Over 1,500 Minecraft Users Infected in Stargazers Ghost Malware Campaign","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/22a841a7\"></iframe>","width":"100%","height":180,"duration":3317,"description":"A malware distribution network hiding in plain sight — on GitHub. This episode unpacks the Stargazers Ghost Network, a massive Distribution-as-a-Service (DaaS) infrastructure run by a threat actor known as Stargazer Goblin. Using over 3,000 GitHub accounts, this operation pushes dangerous information-stealing malware disguised as legitimate game mods and cracked software, particularly targeting communities like Minecraft players. At the center of the campaign are well-known infostealers such as Atlantida, Rhadamanthys, RisePro, Lumma, and RedLine. The delivery mechanism? Sophisticated Java-based loaders, GitHub phishing repositories, and links embedded across platforms like Twitch, TikTok, YouTube, and Discord. Key insights we explore: 🎯 Targeted deception: Modded Minecraft downloads hiding Java loaders that drop multiple stealers 💸 Financial motivation: An estimated $100,000 earned by Stargazer Goblin through stolen data 🧠 Social engineering: Repository stars, forks, and watchers used to appear trustworthy 🧪 Anti-analysis: Malware designed to evade detection with anti-VM and anti-sandbox techniques 🔐 Data exfiltration: Passwords, cookies, crypto wallets, VPN credentials, Discord tokens, and more 🌍 Attribution: Russian-language artifacts and UTC+3 activity suggest a Russian-based operator. We also explore how GitHub’s platform was exploited, the use of password-protected archives to bypass scans, and the tiered account structure that allows malicious repositories to reappear even after bans. With GitHub being abused at this scale — and over 1,500 Minecraft users already infected — this case is a wake-up call for both platforms and end users. The combination of malware-as-a-service (MaaS) and DaaS delivery is lowering the bar for cybercriminals and increasing the risk for everyone online. #StargazersGhost #GitHubMalware #Infostealers #StargazerGoblin #MinecraftMalware #RedLine #Rhadamanthys #LummaStealer #AtlantidaStealer #JavaMalware #MalwareCampaign...","thumbnail_url":"https://img.transistorcdn.com/pL79_MJFeJHamQ_ztImsGmDSMdl27VMk_30TAkieujE/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8yNzg5/ZjlhNzM5Y2M4Njli/NjkxNzgyODA2Nzhi/MDI2ZC5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}