News, 09.06.2023, 09:00 AM
If you or your kids are Minecraft fans, it might be wise to hold off on downloading new mods and add-ons for a while. The reason for this is that a new dangerous malware called “Fractureiser” has been found in various Minecraft mods and add-ons.
Hackers have compromised accounts on modding platforms CraftBukkit and CurseForge, and inserted Fractureiser into a number of very popular game plugins.
“A number of Curseforge and dev.bukkit.org accounts (but not the Bukkit software itself) have been compromised, and malware has been injected into copies of many popular plugins and mods,” it said. warning researchers who found the malware. “Some of these malicious copies have been inserted into popular modpacks, including Better Minecraft. There have been reports of malicious plugin/mod JARs since mid-April.”
The presence of malware in modpacks is particularly alarming. These mod packs allow players to easily switch between different mods and are extremely popular among Minecraft players of all ages.
The researchers describe this malware as “incredibly dangerous”, claiming that any system infected with this malware should be considered “fully compromised”.
They say the malware has a host of destructive capabilities, including the following:
It spreads to all JAR files on the system, spreading to mods that were not initially infected, as well as other Java programs
It replaces cryptocurrency addresses in the infected computer’s clipboard with an address that likely belongs to whoever is behind the attack.
It steals cookies and user credentials from web browsers
Exfiltrates credentials for Discord, Microsoft, and Minecraft
Given the unknowns surrounding Fractureiser, users are advised to be vigilant and inform themselves about this malware as it is still under investigation. The researchers provided instructions on GitHub about detecting potential indicators of compromise.
Minecraft players who have never come close to mods have nothing to fear, but others should scan their computers to make sure they aren’t infected and their personal data hasn’t been compromised. If you find that your computer is infected, you should not only clean it of malware, but also change passwords on accounts that may be at risk of being hacked.
The attack, according to what is known so far, is aimed at Windows and Linux computers, not macOS.
CurseForge released a statement saying it has resolved the issue by blocking accounts associated with the malware, analyzing all new projects and files to ensure their integrity and security, and suspending new approvals until the issue is resolved. CurseForge stressed that the platform is not compromised, as no admin accounts have been hacked and the malware only affects Minecraft users.
CurseForge has also released its own tool for detecting infected mods.