Security News > 2023 > June > New Fractureiser malware used CurseForge Minecraft mods to infect Windows, Linux
Hackers used the popular Minecraft modding platforms Bukkit and CurseForge to distribute a new 'Fractureiser' information-stealing malware through uploaded modifications and by injecting malicious code into existing projects.
According to multiple reports, the attack began when several CurseForge and Bukkit accounts were compromised and used to inject malicious code into plugins and mods, which were then adopted by popular modpacks such as 'Better Minecraft,' which has over 4.6 million downloads.
Affected players include those who downloaded mods or plugins from CurseForge and dev.
Minecraft players should avoid using the CurseForge launcher or downloading anything from the CurseForge or the Bukkit plugin repositories until the situation clears up.
"Stage 0" is the initial attack vector, when new mods were uploaded or legitimate mods are hijacked to include a new malicious function at the end of the main class for the project.
Minecraft players using mods are always advised to exercise extreme caution when downloading mods, but even more so now while this Fractureiser campaign is activ.
News URL
Related news
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- New Microsoft script updates Windows media with bootkit malware fixes (source)
- LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile (source)
- New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems (source)
- Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems (source)