Skins uploaded to the official Minecraft site have affected over 50,000 Minecraft accounts with malware, according to a report by security firm Avast.
The skins are pretty typical-looking: One’s a yellow suit with a face mask, another’s a blue hoodie getup. In the last 10 days, Avast’s antivirus software has blocked a reported 14,500 attempts to infect users’ computers. Any of Minecraft’s 74 million players could download these skins off Minecraft’s site. nce downloaded, malware inside the skins’ files could reformat infected users’ hard drives and delete backup data.
Infected users have also received messages in their Minecraft account inbox reading, “Your ass got glued, “You have maxed your internet usage for a lifetime,” and “You Are Nailed, But A New Computer This Is A Piece Of Shit.”
Microsoft said the infected skins are no longer available to download. “We have addressed this issue and put additional measures in place to protect our community,” a company spokesperson told Kotaku.
[Update—3:24 pm ET]: Minecraft’s developers elaborated on the malware attack in a blog post. It noted that any Minecraft player can upload a skin as a PNG file, but PNG files can contain malicious code. It added, “this code would not be run or read by the game itself. While your antivirus software might detect this code and alert you to its presence, the code would not be able to run by itself.”
A new update deletes superfluous information—like potentially damaging code—from skins’ files.