article featured image


On Thursday, Microsoft warned users about a cross-platform botnet that targets private Minecraft servers with distributed denial-of-service (DDoS) attacks.

The botnet, known as MCCrash, has a special technique for propagating that allows it to infect Linux-based computers despite its origins in malicious software downloaded on Windows hosts. Cybersecurity researchers from Microsoft are tracking the cluster of incidents as DEV-1028.

The botnet spreads by enumerating default credentials on internet-exposed Secure Shell (SSH)-enabled devices. Because IoT devices are commonly enabled for remote configuration with potentially insecure settings, these devices could be at risk to attacks like this botnet.

The botnet’s spreading mechanism makes it a unique threat, because while the malware can be removed from the infected source PC, it could persist on unmanaged IoT devices in the network and continue to operate as part of the botnet.


Most of the cases have been documented in Russia, but they have also been found in Kazakhstan, Uzbekistan, Ukraine, Belarus, the Czech Republic, Italy, India, Indonesia, Nigeria, Cameroon, Mexico, and Colombia. The company did not offer additional information on the exact size of the campaign.

DDos Botnet Minecraft


How Did it Start?

The botnet’s infection starting point seems to be a pool of computers compromised by the installation of cracking programs that provide illegitimate Windows licenses.

The program then serves as a channel for the execution of a Python payload containing the botnet’s core features, such as a scan for SSH-enabled Linux devices in order to initiate a dictionary attack.

When a Linux host is breached using the propagation technique, the same Python payload is deployed to launch DDoS commands, one of which is particularly designed to break Minecraft servers (“ATTACK MCCRASH”), explains The Hacker News.


Microsoft described the approach as “highly efficient,” noting that it is likely marketed as a service on underground forums.

The announcement made by Microsoft Security Threat Intelligence is available here. The company believes that this type of threat emphasizes the significance of enterprises managing, updating, and monitoring not only traditional endpoints but also IoT devices, which are frequently less secure.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Madalina Popovici

Digital PR Specialist

linkedin icon

Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.