Security News > 2023 > June > New Fractureiser malware used CurseForge Minecraft mods to infect Windows, Linux
Hackers used the popular Minecraft modding platforms Bukkit and CurseForge to distribute a new 'Fractureiser' information-stealing malware through uploaded modifications and by injecting malicious code into existing projects.
According to multiple reports, the attack began when several CurseForge and Bukkit accounts were compromised and used to inject malicious code into plugins and mods, which were then adopted by popular modpacks such as 'Better Minecraft,' which has over 4.6 million downloads.
Affected players include those who downloaded mods or plugins from CurseForge and dev.
Minecraft players should avoid using the CurseForge launcher or downloading anything from the CurseForge or the Bukkit plugin repositories until the situation clears up.
"Stage 0" is the initial attack vector, when new mods were uploaded or legitimate mods are hijacked to include a new malicious function at the end of the main class for the project.
Minecraft players using mods are always advised to exercise extreme caution when downloading mods, but even more so now while this Fractureiser campaign is activ.
News URL
Related news
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- New SteelFox malware hijacks Windows PCs using vulnerable driver (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Researchers discover first UEFI bootkit malware for Linux (source)
- BootKitty UEFI malware exploits LogoFAIL to infect Linux systems (source)
- Windows, macOS users targeted with crypto-and-info-stealing malware (source)
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (source)
- New stealthy Pumakit Linux rootkit malware spotted in the wild (source)