Contents
Minecraft is considered one of the most popular games of all time and currently seems to hold the top spot with 238 million copies sold across all platforms. Given the nature of the game, it benefits greatly from the many mods that exist on the PC version. Despite the popularity of these, now it turns out that platforms that host them such as CurseForge, have been infected by the Fracturiser malwareaffecting the players who downloaded minecraft mods there.
The ability to play a game and add more content and extra features that are not found in DLC or expansions, is by using mods. The mods are of many typesmay be a change of the interface, graphics or values within the game. you can modify your life, damage or how you want to do things, because after all, with the mods we can unlock many other ways to play that same video game. Minecraft is one of the examples that benefits the most from this addition, since the game focuses on the almost limitless creativity.
CurseForge and CraftBukkit have been infected with malware
Despite being over 10 years old, Minecraft is still very popular across all platforms, including consoles and mobile. But if we go to the PC, there it is the king, precisely because it has at its disposal a huge catalog of thousands of mods available. One of the best known pages to download these mods was CurseForgewhich unfortunately has suffered an attack and its content has been affected.
The platform itself recommends players not to download or update mods from their servers. CurseForge reported this week on the attack, which also affected CraftBukkit. The hackers were able to infiltrate several developer accounts and injected the malware Fracturer in the most popular minecraft plugins and mods.
List of Minecraft mods affected by the Fracturiser malware
On CurseForge:
- sky villages
- Dungeons Arise
- dungeonz
- Better Minecraft mudpack series
- Vault Integrations
- Skyblock Core
- Museum Curator Advanced
- Autobroadcast
- Create Infernal Expansion Plus
- UVision Enhanced
- UVision Server
- UVision Lite
- Additional Weapons+
- Vault Integrations Bug fix
In CraftBukkit:
- Haven Elytra
- Display Entity Editor
- Simple Harvesting
- The Nexus Event Custom Entity Editor
- Easy Custom Foods
- mcbounties
- Ultimate Leveling
- Anti Command Spam Bungeecord Support
- Hydration
- Anti Redstone Crash
- Not VPNS
- Fragment Permission Plugin
- Floating Damage
- Skelegram
- Ultra Swords Mod
- Ultimate Titles Animations Gradient RGB
The malware only affects Windows and Linux systems, macOS is spared
Now it’s time to talk about the Fracturiser malware, which runs only on Windows and Linux PCs. It works in three stages, the first of which occurs when someone starts one of these infected mods. The second is in charge of download files from a server and infect other mods of Minecraft found on the victim’s PC. Finally, it is in charge of stealing cookies and Web browser, Discord and Minecraft login information.
If you have a Windows or Linux PC and you think you may be infected, you can manually check for it in these folders.:
- Linux: ~/.config/.data/lib.jar
- Windows: %LOCALAPPDATA%\Microsoft Edge\libWebGL64.jar (or ~\AppData\Local\Microsoft Edge\libWebGL64.jar)
Make sure to show hidden files when checking Microsoft Edge.
Additionally, it checks the registry for an entry at: HKEY_CURRENT_USER:\Software\Microsoft\Windows\CurrentVersionRun
Or use a shortcut at: %appdata%Microsoft\Windows\Start Menu\Programs\Startup
For all those who want more information about it, Bitdefender has made a comprehensive analysis of the Fracturiser malwarehow it affects our PCs and what we can do about it.
