Security researcher MalwareHunterTeam has come across a series of Minecraft money adders that promise to give users free in-game coins, but end up stealing their credentials.
Money adders have been around since the early days of malware, and have boomed after the rise of services like PayPal, and the Steam platform, which played a crucial role in the gaming community's development.
Over the past few days, there's been a flurry of such tools catching the eye of security researchers, and quite a few of them have been created by malware authors that seem to speak Hungarian and also target the Hungarian gaming scene.
The most recent discovery is a tool called LegendaryMC, which targets the Legendary.hu Minecraft gaming community. The tool asks users to enter Legendary.hu account credentials and promises to add the selected quantity of in-game currency.
A deeper look at the code, courtesy of MalwareHunterTeam, shows that the tool merely takes the user's login credentials and sends them to the Gmail address listed in the code.
One hour later, MalwareHunterTeam came across a similar money adder, this time for the MesterMc.hu Hungarian Minecraft community, containing the same code, and the same email address.
Just like the first, this tool was promising to deliver "Bé," an in-game currency known as "Bányászérme," sold on the MesterMC.hu website.
Most money adders take only a few minutes to create
"Usually, these money adders and fake game hacking tools and are advertised in-game chats, forums related to the game, and YouTube," MalwareHunterTeam tells Bleeping Computer.
"There are countless fake money adders and hacking tools," the researcher adds, "like every game, site, service, etc has one."
"There's like a 10 years old tutorial about how to create these tools, and skids still create dozens a day," MalwareHunter adds. "It's less than 5 minutes work. And 4 of 5 is the design."
Jiří Kropáč, malware analyst for AVG, has also seen a rise in money adder-based Minecraft phishing tools. He, as well, discovered one today, called MMC Hack, also targeting the MesterMC.hu community, but using a different set of Gmail credentials.
But Minecraft is not the only game targeted by malware devs. At the end of October, MalwareHunterTeam discovered a similar money adder for the Roblox MMOG platform.
A few days before that, the researcher came across another game credentials phisher disguised as a cheat tool for the Crossfire online tactical first-person shooter.
Crossfire was targeted with the classic "money adder" trick as well.
Then there was this ban remover for Minecraft players.
And how could we forget about this generic Steam money adder.
Or this pretty complex, but equally shady PlayStation Network money adder.
Or this tool that promises to grant Pokemon gamers access to in-game perks, but only steals their credentials, just like all the applications listed above.
And as a bonus, here are two other fake hacking tools, one that promise Instagram likes and one that helps users hack Facebook accounts, but in reality, both collect the unwitting user's login credentials.
The lesson here is that there's nothing free. There's isn't a magic formula that grants gamers extra coins just with the press of a button. In-game currency usually comes at a cost, and it's either your free time spent on quests, real money, or your gaming credentials.