“Minecraft” players who like to download customized skins for their character avatars don’t need to worry about malware anymore, developer Mojang said Wednesday. The company said it resolved the issue by releasing a patch that removes all of the information from skin files except the actual image data itself.
The studio’s assurances came one day after cybersecurity company Avast claimed hackers were distributing malicious software via skins created in the PNG file format and uploaded to “Minecraft’s” official website. The virus could potentially reformat a person’s hard drive or destroy their backup data. It estimated nearly 50,000 “Minecraft” accounts were infected. That is a pretty low number, though, when compared to the game’s 74 million active players worldwide.
“The malicious code is largely unimpressive and can be found on sites that provide step-by-step instructions on how to create viruses with Notepad,” Avast said. “While it is fair to assume that those responsible are not professional cybercriminals, the bigger concern is why the infected skins could be legitimately uploaded to the ‘Minecraft’ website. With the malware hosted on the official ‘Minecraft’ domain, any detection triggered could be misinterpreted by users as a false positive.”
While people who upload skins could potentially slip extra code into the PNG files, Mojang points out that code can’t be run or read by the game itself. “Additionally, even if you found the code within the file and chose to run it, your antivirus software should detect and block the attempt,” it added.
“Minecraft” is one of the biggest games in the world, having sold more than 144 million copies since its launch in 2009. Microsoft bought both it and Mojang for an estimated $2.5 billion in 2014. Its next big update will add a variety of ocean-themed creatures, blocks, and items. It comes out later this year.