This Minecraft Launcher is Stealing Your Data!

TLauncher is a virus. There you go, I have said it. More specifically, however, TLauncher is a type of spyware that performs autonomous tasks under a mysterious veil. Meanwhile, you and your friends are enjoying a wholesome experience over Minecraft — just because you trusted your friends and they, too, are running copies of this despised Minecraft launcher.

Modification of a thumbnail by SuchSpeed

Okay, stepping back a little bit, and let us rip open a quick overview into what we are dealing with here.

Minecraft by Sweden’s Mojang is a video game that rarely requires a formal introduction. If you are someone born after the year 2011, it is a staple multi-platform game that shall catch your attention almost immediately as you learn to operate a digital device.

Sadly, the game is not free. Which is why it leaves a whole chasm open for scammers and malware enthusiasts to try and trick gamers into downloading “free Minecraft”.

Skipping ahead, we have TLauncher — offering “cracked” (pirated) versions of Minecraft for anyone who wishes to save $37 (and lose possibly $1000+ worth of personal information). Now, the organization itself has a whole “history” and “lore”, better explained by the following video:

Documentary by TheMisterEpic that explores TLauncher’s secrets

On this article, you shall observe technical details and empirical evidence of the weird activities performed by TLauncher itself.

As of October-November 2023, the following highlights have been deduced via VirusTotal, an online malware analysis and file/URL inspection tool. You may notice that superficially there are no such malicious activities nor signatures detected by the tool itself.

At first glance, no harmful activities are noted

But under the Behavior tab, something was definitely not right.

As seen from VirusTotal’s sandbox environment reports above, HTTP requests have been traced which lead to TLauncher’s own servers and CDNs (content delivery networks) which cater out their own “custom” version of the JREs (Java Runtime Environments) used for running the Minecraft client.

Furthermore, the sandbox reports confirm that TLauncher checks your file system for your browsing history, cookies and saved data (e.g. passwords, login credentials).

Are you feeling comfortable in letting the developers of TLauncher casually breach your privacy like that?

Oh, but there’s more!

TLauncher accesses your system processes and has the ability to manipulate other processes at ease, inviting and allowing potential hackers to drill a “backdoor” into your device.

So remember this: they’re the people enjoying the benefits of TLauncher, not you!

TLauncher is also notorious for filing Digital Millenium Copyright Act (DMCA) claims to almost any kind of content that bears its name. That is why gamers and Minecraft players can hardly find any reliable source of information that marks TLauncher as being “suspicious”. For the people associated with TLauncher, I mean no harm to your business practices. I am just performing my duties to insert layers of transparency between you and your users.

Thank you for reading and please inform your friends about the dangers of TLauncher.