December 16, 2022, updated 05 Jan 2023 12:57pm

Minecraft-targeting botnet MCCrash can spread to Linux devices

MCCrash aims to take down servers of the popular online game, and is capable of spreading to IoT devices, it has been revealed.

By Claudia Glover

A botnet targeting the servers of the popular online game Minecraft can spread onto different platforms, Microsoft security researchers have warned. The botnet, MCCrash, is capable of taking over Linux-based devices despite originating as malware in Microsoft software. MCCrash has been designed to launch distributed denial of service (DDoS) attacks on Minecraft servers.

Minecraft servers targeted by botnet that runs on both Linux and Microsoft. (Photo by PREMIO STOCK/Shutterstock)

The botnet, known by researchers as DEV-1028, has specific spreading capabilities that allow it to originate in malicious software downloaded on Windows and then spread to Internet of Things (IoT) connected devices running on Linux. This enables its infrastructure to grow rapidly.

How does MCCrash malware infiltrate Linux devices?

The malware is uploaded through illegally downloaded Windows operating system licences, Microsoft believes. Once uploaded, it has the ability to run on both Windows and Linux-based devices.

The botnet is then used to launch DDoS attacks against Minecraft servers, “using known server DDoS commands and unique Minecraft demands,” according to Microsoft. All versions of Minecraft between 1.7.2 and 1.18.2 can be affected by this method of attack.

It spreads to connected Linux devices by trying to access them using default security credentials, which are often left unchanged after the devices are set up. “Because IoT devices are commonly enabled for remote configuration with potentially insecure settings, these devices could be at risk to attacks like this botnet,” Microsoft says.

Most of those affected appear to be in Russia, with other victims reported in Kazakhstan, Uzbekistan, Ukraine, Belarus, Czechia, Italy, India and Indonesia. Microsoft did not disclose the scale of the campaign.

Malware targeting insecure IoT devices running on Linux is on the rise. According to a report from security vendor Trend Micro, there was a 75% increase in ransomware attacks targeting Linux systems in the first half of 2022. 

A CrowdStrike report says there was a 35% year-on-year increase in malware targeting Linux devices, the primary goal of which was to “pull them into a botnet and use them for DDoS attacks.”

“This type of threat stresses the importance of ensuring that organizations manage, keep up to date, and monitor not just traditional endpoints but also IoT devices that are often less secure,” Microsoft’s blog post says.
