CurseForge is a platform used for modding various games and one of the most popular games that use this service is Minecraft where Malware has been found embedded into various projects on the site.
CurseForge Malware in Minecraft Mods
The information around this issue has been shared across Minecraft communities including r/feedthebeast and prismlauncher, a custom launcher for Minecraft. The reports share that malware by the name of “fractureiser” has been uploaded which consists of three stages with the infected mod files from CurseForge and Bukkit acting as “stage 0”. The final “stage 3” of the malware is supposedly capable of stealing user credentials and propagating itself into all jar files on the filesystem possibly enabling it to infect other mods not downloaded from CurseForge. For now, it is advised to avoid playing Minecraft, especially modded, to ensure that this Malware doesn’t spread. It is also worth noting that it has been seen on older mods so even if you haven’t used CurseForge recently it could still be there.
A team at hackmd.io has shared a detailed guide on locating infected files to see if you are infected where the malware has hidden itself as a Microsoft Edge file in appdata. That same team is also working on reverse engineering the Malware and is working to get detection software distributed. The Curseforge team has also released a statement and has banned involved accounts sharing the malware and has put their file approval process on hold until this is resolved.
I’ve recently used CurseForge and my PC has started behaving strangely with several crashes so I think I may need to quickly douse my PC in petrol. It is also possible I’ve just done something else stupid.
