Security researcher MalwareHunterTeam has come across a series of Minecraft money adders that promise to give users free in-game coins, but end up stealing their credentials.

Money adders have been around since the early days of malware, and have boomed after the rise of services like PayPal, and the Steam platform, which played a crucial role in the gaming community's development.

Over the past few days, there's been a flurry of such tools catching the eye of security researchers, and quite a few of them have been created by malware authors that seem to speak Hungarian and also target the Hungarian gaming scene.

The most recent discovery is a tool called LegendaryMC, which targets the Legendary.hu Minecraft gaming community. The tool asks users to enter Legendary.hu account credentials and promises to add the selected quantity of in-game currency.

LegendaryMC money adder
LegendaryMC money adder

A deeper look at the code, courtesy of MalwareHunterTeam, shows that the tool merely takes the user's login credentials and sends them to the Gmail address listed in the code.

LegendaryMC money adder source code
LegendaryMC money adder source code

One hour later, MalwareHunterTeam came across a similar money adder, this time for the MesterMc.hu Hungarian Minecraft community, containing the same code, and the same email address.

Just like the first, this tool was promising to deliver "Bé," an in-game currency known as "Bányászérme," sold on the MesterMC.hu website.

MesterMC money adder
MesterMC money adder

Most money adders take only a few minutes to create

"Usually, these money adders and fake game hacking tools and are advertised in-game chats, forums related to the game, and YouTube," MalwareHunterTeam tells Bleeping Computer.

"There are countless fake money adders and hacking tools," the researcher adds, "like every game, site, service, etc has one."

"There's like a 10 years old tutorial about how to create these tools, and skids still create dozens a day," MalwareHunter adds. "It's less than 5 minutes work. And 4 of 5 is the design."

Jiří Kropáč, malware analyst for AVG, has also seen a rise in money adder-based Minecraft phishing tools. He, as well, discovered one today, called MMC Hack, also targeting the MesterMC.hu community, but using a different set of Gmail credentials.

MMC Hack money adder
MMC Hack money adder

But Minecraft is not the only game targeted by malware devs. At the end of October, MalwareHunterTeam discovered a similar money adder for the Roblox MMOG platform.

Roblox money adder
Roblox money adder
Roblox money adder source code
Roblox money adder source code

A few days before that, the researcher came across another game credentials phisher disguised as a cheat tool for the Crossfire online tactical first-person shooter.

Crossfire anti-cheat tool
CrossfirePH cheat tool
CrossfirePH cheat tool source code
CrossfirePH cheat tool source code

Crossfire was targeted with the classic "money adder" trick as well.

Crossfire money adder
Crossfire money adder
Crossfire money adder source code
Crossfire money adder source code

Then there was this ban remover for Minecraft players.

Minecraft ban remover
MC No Ban Minecraft ban remover
MC No Ban Minecraft ban remover source code
MC No Ban Minecraft ban remover source code

And how could we forget about this generic Steam money adder.

Steam money adder
Steam money adder
Steam money adder source code
Steam money adder source code

Or this pretty complex, but equally shady PlayStation Network money adder.

PSN money adder
PSN money adder
PSN money adder source code
PSN money adder source code

Or this tool that promises to grant Pokemon gamers access to in-game perks, but only steals their credentials, just like all the applications listed above.

Pokemon cheat tool
Pokemon cheat tool
Pokemon cheat tool source code
Pokemon cheat tool source code

And as a bonus, here are two other fake hacking tools, one that promise Instagram likes and one that helps users hack Facebook accounts, but in reality, both collect the unwitting user's login credentials.

Instagram likes hacker
Instagram profile booster
Instagram profile hacker
Instagram profile booster
Facebook Hacking Software
Facebook Hacking Software

The lesson here is that there's nothing free. There's isn't a magic formula that grants gamers extra coins just with the press of a button. In-game currency usually comes at a cost, and it's either your free time spent on quests, real money, or your gaming credentials.

Related Articles:

Advocacy Groups Call for the FTC to Break Up Facebook

Phishing Roundup: Caracal, Stealth Mango, Tangelo, Apple, DHL, eFax & More

Hamas Lures Israeli Soldiers to Malware Disguised in World Cup and Dating Apps

Popular Software Site Hacked to Redirect Users to Keylogger, Infostealer, More

Malware Found in Arch Linux AUR Package Repository