Switch to Light Theme

PUBLIC SERVICE ANNOUNCEMENT: MALWARE IN MODS ON CURSEFORGE AND BUKKIT, URGENT (READ IF YOU USE MODIFICATIONS IN MINECRAFT)

Spogger

Spogger

Forum Legend
ELITE
_Spogger
_Spogger
ELITE
#1
Joined
Sep 9, 2022
Posts
1,299
Ratings
724 118
#1
(this is copy and pasted from here)
Platforms known to be affected:
- Curseforge
- Bukkit

Modrinth is supposed to be safe, but to be absolutely sure, you probably shouldn't install any new mods.


The name of the program in question is Fractureiser
Fractureiser is known to:
- Steal your credentials, basically everywhere
- Inject itself into any JAR file on your computer
- Steal the crypto I'm sure forumers like you definitely have
- More we have no information on yet

Do not use the Curseforge application OR website.
Do not use Bukkit.
Do not download ANY new mods, stick to your existing installs of the game if you are not infected.


Please do ensure you are not infected.


More documentation about what Fractureiser does, how it spreads, what you should do if you are infected, how to check if you are infected:
https://github.com/fractureiser-investigation/fractureiser/blob/main/docs/users.md
The TLDR of if you are infected or not, is if the folder "Microsoft Edge" with a space is present in your %localappdata% (WINDOWS), you are infected. (You need to show OS and hidden files)

Make sure to also look at this: Prism Launcher - [MALWARE WARNING] "fractureiser" malware in many popular Minecraft mods and modpacks
TL;DR: IF YOU USE MODS. DO WINDOWS+R, TYPE %localappdata% AND IF THERE IS A FOLDER CALLED "MICROSOFT EDGE" (there has to be a space) DELETE IT PERMANENTLY. ALSO DO NOT USE CURSEFORGE OR BUKKIT UNTIL FURTHER NOTICE.

 
Last edited:
D

Deleted member 148935

Guest
#4
#4
bruhwhymyigntaken said:
(this is copy and pasted from here)
Platforms known to be affected:
- Curseforge
- Bukkit

Modrinth is supposed to be safe, but to be absolutely sure, you probably shouldn't install any new mods.


The name of the program in question is Fractureiser
Fractureiser is known to:
- Steal your credentials, basically everywhere
- Inject itself into any JAR file on your computer
- Steal the crypto I'm sure forumers like you definitely have
- More we have no information on yet

Do not use the Curseforge application OR website.
Do not use Bukkit.
Do not download ANY new mods, stick to your existing installs of the game if you are not infected.


Please do ensure you are not infected.


More documentation about what Fractureiser does, how it spreads, what you should do if you are infected, how to check if you are infected:
https://github.com/fractureiser-investigation/fractureiser/blob/main/docs/users.md
The TLDR of if you are infected or not, is if the folder "Microsoft Edge" with a space is present in your %localappdata% (WINDOWS), you are infected. (You need to show OS and hidden files)

Make sure to also look at this: Prism Launcher - [MALWARE WARNING] "fractureiser" malware in many popular Minecraft mods and modpacks
TL;DR: IF YOU USE MODS. DO WINDOWS+R, TYPE %localappdata% AND IF THERE IS A FOLDER CALLED "MICROSOFT EDGE" (there has to be a space) DELETE IT PERMANENTLY. ALSO DO NOT USE CURSEFORGE OR BUKKIT UNTIL FURTHER NOTICE.

Click to expand...
if you have the regular microsoft folder with edge in it is that cool or is it still a virus
 
Spogger

Spogger

Forum Legend
ELITE
_Spogger
_Spogger
ELITE
#5
Joined
Sep 9, 2022
Posts
1,299
Ratings
724 118
#5
Lucartichaut said:
if you have the regular microsoft folder with edge in it is that cool or is it still a virus
Click to expand...
If it is named MicrosoftEdge, all is fine, but if it is Microsoft Edge (with a space) that is no bueno and needs to be deleted and you are going to have to scan your computer for malware with BitDefender or McAfee after you delete it. Make sure that you can also see hidden files which can be enabled in advanced settings.

As far as the investigation team knows, it only affects .jar files and not .zip or .exe. So texture packs and shader packs are unaffected as far as I am aware, but it wouldn't hurt to scan for malware with BitDefender or McAfee just in case.

If your anti-virus finds anything, immediately contact all companies/platforms that handle your credentials and also contact any finance companies for company shares or crypto. Additionally, delete every single .jar file on your computer as the malware likely has injected itself into those files. DO NOT BACK UP THESE .JAR FILES ON ONEDRIVE OR ANY OTHER STORAGE SERVICE, otherwise you'll be carrying around a malware grenade in your drive. (unless they are absolutely necessary for your system to work, delete them, which to my knowledge none of those files are .jar) From here, you're going to have to ensure that everything is safe with all your accounts on every platform, even your credit card or whatever. After this is done, you may be safe to return to playing minecraft, but I would recommend that you receive guidance from a security provider before returning.

I will try my best to answer any more questions, but if I can't I would recommend you read the GitHub and Prism articles that have been linked.
 
Last edited:
You must log in or register to reply here.