Editing
Minecraft modding
(section)
Jump to navigation
Jump to search
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
===== Malware ===== ''Minecraft'' mods have been an [[attack vector]] of [[malware]] by downloading and running malicious mods.<ref>{{Cite news |last=Goodin |first=Dan |date=7 June 2023 |title=Dozens of popular Minecraft mods found infected with Fracturiser malware |work=[[Ars Technica]] |url=https://arstechnica.com/information-technology/2023/06/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware/ |access-date=8 June 2023 |archive-date=8 June 2023 |archive-url=https://web.archive.org/web/20230608013029/https://arstechnica.com/information-technology/2023/06/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware/ |url-status=live }}</ref><ref name="Bleepingcomputer">{{Cite web |last=Toulas |first=Bill |date=7 June 2023 |title=New Fractureiser malware used CurseForge Minecraft mods to infect Windows, Linux |url=https://www.bleepingcomputer.com/news/security/new-fractureiser-malware-used-curseforge-minecraft-mods-to-infect-windows-linux/ |access-date=8 June 2023 |website=[[Bleeping Computer]] |archive-date=7 June 2023 |archive-url=https://web.archive.org/web/20230607172019/https://www.bleepingcomputer.com/news/security/new-fractureiser-malware-used-curseforge-minecraft-mods-to-infect-windows-linux/ |url-status=live }}</ref> In March 2017, Slovakian cyber company [[ESET]] revealed that 87 examples of [[Trojan horse (computing)|trojan horse]] malware were distributed through the [[Google Play Store]] under the guise of ''Minecraft'' mods. Their purpose was to either display adverts or con players into downloading other apps. Combined, these fake mods gathered over 1,000,000 downloads in the first three months of early 2017.<ref name="TNHTrojans">{{Cite web |last=Iordache |first=Elena |date=24 March 2017 |title=Google Play Store Trojans in Fake Minecraft Mods |url=https://www.tnhonline.com/2017/03/24/google-play-store-trojans-in-fake-minecraft-mods/ |url-status=live |archive-url=https://web.archive.org/web/20181021111623/https://www.tnhonline.com/2017/03/24/google-play-store-trojans-in-fake-minecraft-mods/ |archive-date=21 October 2018 |access-date=27 April 2017 |website=TNH Online}}</ref><ref name="SCMTrojans">{{Cite web |last=Barth |first=Bradley |date=23 March 2017 |title=Nearly a million Minecraft players feel like blockheads after installing fake mod apps |url=https://www.scmagazine.com/nearly-a-million-minecraft-players-feel-like-blockheads-after-installing-fake-mod-apps/article/646022/ |url-status=dead |archive-url=https://web.archive.org/web/20171204123143/https://www.scmagazine.com/nearly-a-million-minecraft-players-feel-like-blockheads-after-installing-fake-mod-apps/article/646022/ |archive-date=4 December 2017 |access-date=27 April 2017 |website=SC Magazine US |publisher=Haymarket Media Group}}</ref> In June 2023, attackers gained access to popular mods and modpacks including "Better Minecraft" and created new releases which contained malware, dubbed "Fractureiser" after the Curseforge account that uploaded it.<ref name="Bleepingcomputer"/><ref>{{Cite news |last=Goodin |first=Dan |date=7 June 2023 |title=Dozens of popular Minecraft mods found infected with Fracturiser malware |work=[[Ars Technica]] |url=https://arstechnica.com/information-technology/2023/06/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware/ |access-date=8 June 2023 |archive-date=8 June 2023 |archive-url=https://web.archive.org/web/20230608013029/https://arstechnica.com/information-technology/2023/06/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware/ |url-status=live }}</ref> In July 2023, an [[Arbitrary code execution|arbitrary code execution]] vulnerability was found in several Forge-based ''Minecraft'' mods such as BdLib and EnderCore. The malware was named "BleedingPipe" by a ''Minecraft'' security community. It takes advantage of mods incorrectly using deserialization in the "ObjectInputStream" class. Although the vulnerability existed since 2017, a blog post by MMPA brought it mainstream, spreading its use before fixes could be made.<ref>{{Cite news |last=Toulas |first=Bill |date=31 July 2023 |title=Hackers exploit BleedingPipe RCE to target Minecraft servers, players |work=[[Bleeping Computer]] |url=https://www.bleepingcomputer.com/news/security/hackers-exploit-bleedingpipe-rce-to-target-minecraft-servers-players/ |access-date=1 August 2023 |archive-date=1 August 2023 |archive-url=https://web.archive.org/web/20230801213222/https://www.bleepingcomputer.com/news/security/hackers-exploit-bleedingpipe-rce-to-target-minecraft-servers-players/ |url-status=live }}</ref><ref>{{Cite news |date=29 July 2023 |title=Bleeding Pipe: A RCE vulnerability exploited in the wild |work=Minecraft Malware Prevention Alliance |url=https://blog.mmpa.info/posts/bleeding-pipe/ |access-date=1 August 2023 |archive-date=1 August 2023 |archive-url=https://web.archive.org/web/20230801213613/https://blog.mmpa.info/posts/bleeding-pipe/ |url-status=live }}</ref>
Summary:
Please note that all contributions to Kiiw may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Kiiw:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Navigation menu
Personal tools
Not logged in
Talk
Contributions
Create account
Log in
Namespaces
Page
Discussion
English
Views
Read
Edit
View history
More
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Tools
What links here
Related changes
Special pages
Page information