Angela B. Games 06.09.2023 01:Jun AM EDT

Several Minecraft Mods Discovered to Have Malware

There are many perks to PC gaming, and among them is being able to use mods to make video games better or more suited to a player's liking. However, this also provides certain risks. For instance, several Minecraft mods appear to have been injected with malware, which can be used to breach computer systems.

(Photo : Jakub Porzycki/NurPhoto via Getty Images)

Beware of Minecraft Mods

Dozens of mods and plugins found in CurseForge and Bukkit.org have been found to have malware as accounts were compromised. The malware, specifically called "Fracturiser" has been injected into the affected mods and plugins.

The malware is able to affect Windows and Linux systems, with investigators suspecting that the Fracturiser has been active since around mid-April. With that, modders are advised not to download or use mods for a while until the issue has been solved.

In the event that an infected mod has been launched, it will go through four stages starting with stage zero, with each downloading files from a command-and-control server. Once it reaches stage three, it will start creating folders and scripts to make changes in the computer system.

Once the malware takes hold, it will be able to steal cookies and login information from browsers, replace cryptocurrency addresses in clipboards, steal Discord, Microsoft, and Discord credentials, as well as propagate to Java archive files and infect other mods.

The creator of an open-source launcher for the game, Prism Launcher along with officials says that the infection has been widespread, as mentioned in Ars Technica, listing down mods from both CurseForge and Bukkit to spot which ones players should avoid.

CurseForge is already looking into the incident where the malicious user uploaded the mods and plugins, emphasizing that it is only affecting Minecraft users and that the accounts involved have already been banned from the platform.

Which Mods Should You Avoid?

Right now, if you plan on using mods for Minecraft, it's best to leave it until the issue has been completely resolved. If you want to despite the malware, you can at least try to avoid the following mods and mod packs affected by the malware, as listed by Bleeping Computer.

From CurseForge:

Dungeons Arise
Sky Villages
Better MC mod pack series
Dungeonz
Skyblock Core
Vault Integrations
AutoBroadcast
Museum Curator Advanced
Vault Integrations Bug fix
Create Infernal Expansion Plus

From Bukkit:

Display Entity Editor
Haven Elytra
The Nexus Event Custom Entity Editor
Simple Harvesting
MCBounties
Easy Custom Foods
Anti Command Spam Bungeecord Support
Ultimate Leveling
Anti Redstone Crash
Hydration
Fragment Permission Plugin
No VPNS
Ultimate Titles Animations Gradient RGB
Floating Damage

If you suspect that your system has been infected, you can check your computer for the virus. First off, make sure that all your hidden files are also visible. Type in "%LOCALAPPDATA%\Microsoft Edge\libWebGL64.ja" for Windows systems.

You may also check a shortcut in "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup" and if that doesn't work, check the registry for an entry at "HKEY_CURRENT_USER:\Software\Microsoft\Windows\CurrentVersion\Run."

For Linux, you can check "~/.config/.data/lib.jar" to see if you've been impacted. If you're one of the lucky few, you may be using one of the four major antivirus engines that can detect the Fracturiser malware automatically.