Security News > 2023 > June > New Fractureiser malware used CurseForge Minecraft mods to infect Windows, Linux
Hackers used the popular Minecraft modding platforms Bukkit and CurseForge to distribute a new 'Fractureiser' information-stealing malware through uploaded modifications and by injecting malicious code into existing projects.
According to multiple reports, the attack began when several CurseForge and Bukkit accounts were compromised and used to inject malicious code into plugins and mods, which were then adopted by popular modpacks such as 'Better Minecraft,' which has over 4.6 million downloads.
Affected players include those who downloaded mods or plugins from CurseForge and dev.
Minecraft players should avoid using the CurseForge launcher or downloading anything from the CurseForge or the Bukkit plugin repositories until the situation clears up.
"Stage 0" is the initial attack vector, when new mods were uploaded or legitimate mods are hijacked to include a new malicious function at the end of the main class for the project.
Minecraft players using mods are always advised to exercise extreme caution when downloading mods, but even more so now while this Fractureiser campaign is activ.
News URL
Related news
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (source)
- New stealthy Pumakit Linux rootkit malware spotted in the wild (source)
- Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms (source)
- FBI wipes Chinese PlugX malware from thousands of Windows PCs in America (source)