Downloading a Minecraft mod is a great way to infest your PC with malware
Or, at least, that’s what a survey shows. Dozens of popular Mojang game mods were compromised with very annoying malware.
It is a relatively well-known fact that downloading current TV series using a torrent is the best way to open the doors of your PC to hackers, but fans of gaming mods do not have it easy either. A team of cybersecurity researchers has discovered that a huge number of Minecraft mods distributed through some popular channels have been modified to include annoying malware.
CurseForge, the platform that hosts these and many other mods for games (and not only games), has recommended that its users not install any mods for Minecraft or update any already installed ones. Some of the malicious files used in this large-scale attack, which was only recently discovered, date back to mid-April, evidence that the operation has been going on for at least 1.5 months. In addition to CurseForge, a sister site, Bukkit.org, also seems to be affected by the problem.
"Many accounts on CurseForge and dev.bukkit.org have been compromised, and some malicious actors have been silently modifying and updating some popular software by placing malware inside them. The malicious code was injected into copies of several plugins and mods for some of the most popular and downloaded games, including Better Minecraft," reads a notice that appeared on the two sites concerned.
A first list, probably only partial, of the mods affected by the problem includes:
- Dungeons Arise
- Sky Villages
- Better MC mod pack series
- Skyblock Core
- Vault Integrations
- Museum Curator Advanced
- Vault Integrations Bugfixes
- Create Infernal Expansion Plus – Mod removed from CurseForge
- Display Entity Editor
- Haven Elitra
- The Nexus Event Custom Entity Editor
- Simple Harvesting
- Easy Custom Foods
- Anti Command Spam Bungeecord Support
- Ultimate Leveling
- Anti Redstone Crash
- Fragment Permission Plugin
The malware used for this attack is called Fractureiser and is capable of infecting not only Windows systems but also Linux-based ones.