Malware News Sweet Minecraft Mods – The Dark Tale of SugarSMP Scam, Malware & Extortion

[piquiteco]

The redirect had nothing to do with the malicious URL when it appeared in Google Search. From what I understand, what was causing a "redirect" for me in Chrome was the Symantec Browser Protection extension, which displayed its own specific block screen. Since the Symantec Browser Protection extension doesn’t have a back button, it only has options to ignore and report as a false positive. When clicking on Ignore and continue to site The extension redirects to a malicious page, giving the impression that something was redirecting to the website. After I disabled the extension, I figured out why. It’s a good extension, but it’s very aggressive and generates a lot of false positives.

Spoiler: With Symantec Browser Protection disabled

 

[Khushal]

poor response by K analyst. share them the reddit link @harlan4096 telling them it is clearly phishing and user is tricked into believing it is Teams. And your protection failed to prevent the phishing attempt. They have to correct it.

 

[harlan4096]

poor response by K analyst. share them the reddit link @harlan4096 telling them it is clearly phishing and user is tricked into believing it is Teams. And your protection failed to prevent the phishing attempt. They have to correct it.

That site (Teams), reported yesterday, waiting (with phishing sites, They took longer, because they redirect my request to Content Filtering group), and the tool does nothing malicious by itself... if the site is dead or down, K. won't probably add... and sugarsmp site was added yesterday.

 

[Captain Awesome]

VirusTotal

VirusTotal

www.virustotal.com

Only 3 AV detected G-Data, K7, Kaspersky this sample.

 

[rashmi]

Cloudflare Zero Trust DNS

 

[Khushal]

VirusTotal

VirusTotal

www.virustotal.com

Only 3 AV detected G-Data, K7, Kaspersky this sample.View attachment 296423View attachment 296426

detection later added by all 3 vendors.

 

[Captain Awesome]

detection later added by all 3 vendors.

K7 detected it by Susp at first.

 

[Captain Awesome]

K7 Safe Surf

 

[struppigel]

quite unfortunate to see him being inactive. Surprisingly he is quite active on reddit. It seems he was fed up with the MWT community.

Hi, I wasn't fed up. It just happened kinda slowly that I got less active here.

related earlier MalwareTips post

Thread 'VT undetected Java (.jar) Minecraft Mod file used as Loader for Payload'

Feb 9, 2026

Here's an apparent game mod (.jar) with no detection on VirusTotal.

https://community.bitdefender.com/en/discussion/comment/361034

I've recently been targeted via Discord by a threat actor that tried to make me load a Minecraft Mod that he linked via chat. Actor displayed multiple threat vectors in a well organized scheme mixing social engineering, discord features and low-security Minecraft Bedrock java runtime to hack and steal information from victims.

The full brief report I made:....

• Wrecker4923
• Replies: 1
• Forum: News Archive

• 
• 

Gdata expert and his allies have an interesting blogpost for all of us.
IoCs contain FUD VT files or only one detection which is shocking.

VirusTotal

VirusTotal

www.virustotal.com

VirusTotal

VirusTotal

www.virustotal.com

@TuxTalk will be proud of Gdata's research. Thanks @rifteyy for his contribution.

Minecraft: SugarSMP's Dark Tale of Scams, Malware & Extortion

Some Minecraft players were looking for safe haven away from griefers, but found an elaborate web of malware, deception and extortion.

blog.gdatasoftware.com

Thank you for sharing our blog article!