Minecraft players should hold off on downloading any new mods or plugins while cybersecurity researchers try to track down a fix for malware ripping through the game.
A worm virus named “fracturizer” has been found embedded in popular Minecraft modpacks, several game themes pulled together, which are then used by players to toggle between multiple mods, giving the player more experience options, as well as helping the malware spread.
The fracturizer GitHub repository characterizes the malware as “incredibly dangerous” and adds that any infected machine should be assumed to be completely compromised by the threat actors behind the virus.
Contributing GitHub researchers found the malicious files going back for some time, with files dated back to April, as well as some files dated from 1999, a quirk with CurseForge they found notable.
CurseForge assured users in a statement added to the fracturizer GitHub page on June 7 that it is not compromised and has suspended accounts linked to the malware. The CurseForge added that its team is working on a fix.
GitHub also noted a command-and-control server linked to fracturizer has been was suspended by its hosting provider.
Minecraft mod players who want to check if they have been exposed to fracturizer can refer to a set of specific instructions on GitHub to look for indicators of compromise and take mitigation steps.
“We do not currently know the full extent of everything this can do, nor what its intent is, so extreme caution should be exercised until a complete way to remove any symptoms is found,” the fracturizer GitHub researchers recommended. “Everything stated here is only what we know — please keep an eye on communication from the team on updates if anything critical is found.”
Source: www.darkreading.com