Minecraft is one of the most-played games in the world across many devices. It is enjoyed by millions, which is why it's no surprise that hackers see a golden opportunity for fraudulent activities. More mods have been found to contain malware that lets bad actors control your game devices.
Minecraft Mod Malware
Modding has always been dangerous since there's a chance that it contains malware. Although some are found and fixed quickly, others tend to remain undetected before many are affected by it. The MMPA security community has found a couple of mods that were infected, yet again.
Threat actors were said to be exploiting a "Bleeding Pipe" flaw in the Forge framework that was powering multiple mods, as mentioned in Engadget, which includes versions of Astral Sorcery, EnderCore, and Gadomancy.
Players are advised to check if they are running mods on Forge 1.7.10/1.12.2 since these versions allow hackers to remotely control both devices and servers. In one instance, the hacker managed to steal Discord credentials from users along with Steam session cookies.
As reports say, the flaw exploits the wrong deserialization for a class in the Java code powering the mods. In order to prevent hackers from exploiting it, players will have to send special network traffic to a server and take control.
Modders have been patching the infected ones since the attacks were detected back in March 2022, although the MMPA says that most servers that run the mods are yet to be updated. The safest action to take is to stop using the mods.
So far, there are more than 40 mods detected to have this flaw, and it is still unknown what more damage the vulnerability can cause. Other than stopping the use of mods for the time being, updating the mods and a quick antivirus scan would also be the best move.
Read Also: Hackers Use Fake Pokemon NFT Game to Gain Control of Your Windows Devices
Other Infected Minecraft Mods
Just this June, several popular Minecraft mods and plugins were also found to have malware. The mods will start affecting the computer system once the player launches them. The malware will download files from a command-and-control server.
Once it progresses further, it will begin creating folders and scripts which in turn will make changes in the computer system. This leads to the user being vulnerable to having their data stolen like cookies and login information from browsers.
It is also capable of replacing cryptocurrency addresses in clipboards, as well as credentials from platforms like Discord and Microsoft. According to Ars Technica, the mods were from both CurseForge and Bukkit, although most would've been fixed by now.
The affected mods from CurseForge then included Dungeons Arise, Sky Villages, Vault Integrations, Museum Curator Advanced, Better MC mod pack series, Skyblock Core, and more.
The ones from Bukkit include Haven Elytra, Simple Harvesting, MCBounties, Ultimate Leveling, Anti Restone Crash, Easy Custom Foods, Hydration, No VPNs, Floating Damage, Ultimate Titles Animations Gradient RGB, and more.
When mods turn out to have malware in them, the ideal thing to do is to avoid modding even if the ones you use are not listed since they might have been overlooked. If you have already been using them for a while, an antivirus sweep is also recommended.
Related: Several Minecraft Mods Discovered to Have Malware
