Hijacked friend accounts are spamming invites to fake servers that push malware-laden downloads. The remote access trojan grabs passwords, session tokens, crypto wallets and keeps spreading from your machine.
If a Discord friend suddenly slides into your DMs hyping a private Minecraft server and a custom modpack to try, think twice. According to a warning published today, scammers have scaled up a campaign that hijacks accounts and then uses those trusted names to spread remote access trojans hidden in fake modpacks and launchers.
How the Attack Chain Works
- A compromised Discord account sends a seemingly innocent invite to join a test server or try a new modpack.
- The link leads to a download that looks like a legitimate Minecraft client tweak or mod collection.
- Once executed the RAT steals browser passwords, Discord tokens, Minecraft session data, crypto wallets and screenshots.
- The malware then scans the victims contact list and repeats the process from the newly owned account.
The tactic works because it exploits trust. You are far more likely to download something from someone on your friends list than a random link in global chat. By the time you notice something is off your Microsoft account may already be logged in from another location or your 2FA prompt bypassed via stolen session cookies.
Immediate Protection Steps
- Never download modpacks or launchers from Discord links even if sent by friends. Verify the invite through voice chat or another platform first.
- Enable 2FA on your Microsoft and Discord accounts and avoid reusing passwords.
- Run reputable antivirus that catches RAT behavior and keep Minecraft clients updated only through official channels.
- If you already clicked, change passwords immediately from a clean device, revoke all active sessions and scan the machine.
This is not a theoretical threat. Similar Minecraft-targeted malware campaigns have already racked up tens of thousands of infections this year by posing as popular mods and cheats. The difference now is the social engineering layer that makes it land harder inside private circles. Mojang cannot patch bad decisions on third-party platforms so the defense sits with players.
Stay skeptical. The server that sounds too good to miss usually is especially when the pitch comes from an account that has never mentioned Minecraft before.
