“Cozy Minecraft without griefers” — promised the server. Kids downloaded mods, parents got a stealer and $300 blackmail

Building your own base in Minecraft is incredibly satisfying, especially when no one disturbs you. That’s why private servers labeled «griefer-free» attract thousands of players seeking a peaceful gaming experience. Recently, one such project called SugarSMP turned into a real nightmare for gamers and their parents. Instead of a cozy community, users ended up with malware, personal data loss, and demands for hundreds of dollars in payment.

The illusion of safety and deceptive tactics

The creators of SugarSMP were quite cunning. They built an attractive website, posted screenshots of peaceful builds, added a FAQ section, and even inflated the number of online players. To access this «safe» server, players were required to meet just one condition: download and install a special mod archive.

Technically, this sounded logical. The Fabric platform indeed requires client and server modifications to match. However, this requirement became the main trap. The attackers exploited players’ trust to make them manually place malicious files into the game folder.

What was hidden inside the archive

At first glance, the unpacked archive seemed harmless. It contained popular mods for game optimization, such as Sodium and Iris Shaders. But the attackers hid a surprise in the overrides folder. There lay a file disguised as the well-known mod AppleSkin.

The real AppleSkin simply improves the hunger bar display in the interface. The fake version did the same, so players didn’t suspect anything. However, in the background, this file launched a powerful virus — Spark stealer. The malicious code quietly collected data while the player peacefully mined resources. The virus infiltrated Discord files, added itself to Windows startup, and remained in the system even after Minecraft was closed.

Stolen accounts and blackmail

The consequences of the infection were extremely serious. The stealer collected almost all accessible information from the victim’s computer. It stole passwords from browsers, Discord and Telegram authentication tokens, bank card details, and cryptocurrency wallet information.

Soon after installing the mods, victims received alarming messages. The attackers claimed the computer was compromised and displayed a list of stolen data. Then came the demand: pay $300. Otherwise, the hackers threatened to publish personal conversations, delete accounts, or steal all available funds. This situation affected not only young gamers who lost access to their favorite games but also their parents, whose financial data was at risk.

How to protect your base and your data

To avoid falling into a similar trap, we recommend following a few simple digital hygiene rules:

• Download mods only from trusted sources. Use official platforms like CurseForge or Modrinth. Never download archives directly from unknown private server websites.
• Pay attention to file sizes. If a regular mod pack is suspiciously large, it’s a reason to be cautious.
• Use protection. Keep an up-to-date antivirus active to block suspicious background activity in time.

If you or your friends have already accidentally installed suspicious mods, act quickly. Completely reinstall the Discord client, scan the system with antivirus software, and reset passwords for all important accounts. If you have cryptocurrency wallets, immediately transfer funds to new addresses.

Internet safety is just as important as protecting your home from creepers. Have you ever encountered suspicious servers or strange demands from administrators when installing mods? Share your experience in the comments — perhaps your story will help other players avoid similar problems.