Minecraft Malware
admin 10 months ago
admin #news

New malware Fractureiser threatens the safety of Minecraft players

The new "Fractureiser" malware, capable of stealing information from Minecraft players' computers, is actively spreading through user modifications on the Bukkit and CurseForge platforms.

Attackers broke into several accounts on these platforms and replaced popular mods and plugins with malicious code. The modifications listed below are confirmed to be affected, but there may be more.

  • On CurseForge: Dungeons Arise, Sky Villages, Better Minecraft, Fabulously Optimized, Dungeonz, Skyblock Core, Vault Integrations, AutoBroadcast, Museum Curator Advanced, Vault Integrations Bug fix, Create Infernal Expansion Plus.
  • On Bukkit: Display Entity Editor, Haven Elytra, The Nexus Event Custom Entity Editor, Simple Harvesting, MCBounties, Easy Custom Foods, Anti Command Spam Bungeecord Support, Ultimate Leveling, Anti Redstone Crash, Hydration, Fragment Permission Plugin, No VPNS, Ultimate Titles Animations Gradient RGB, Floating Damage.

The malware embedded in the modifications is capable of stealing cookies, account credentials, cryptocurrency wallet addresses, and other sensitive information. It can also register itself in Windows autorun and self-propagate to other ".jar" files in the victim's file system, infecting other mods so that the infection chain repeats even if the gamer identifies and removes the original malware.

Players who have downloaded mods or plugins from CurseForge or Bukkit within the past three weeks are at risk, but the full extent of the infection has yet to be assessed.

If you think you may be one of the victims of this malware, you can check quickly. Go to the "%LOCALAPPDATA%" directory and look for a "Microsoft Edge" folder there. If it is not found at that location, your system is most likely not infected. If the folder is present and contains the "libWebGL64.jar" or "lib.jar" file, your computer has most likely been compromised.
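The manual check above, scripted across every local profile, as an added example (not taken from the researchers' report). The folder and file names are the article's; the function name `Test-FractureiserIndicator` and the default `<profiles>\<user>\AppData\Local` layout are assumptions.

```powershell
# Added example. Indicator names come from the article; the rest is assumed.
# Note the space: genuine Edge data lives under "Microsoft\Edge", not "Microsoft Edge".
$IndicatorFolder = 'Microsoft Edge'
$IndicatorFiles  = 'libWebGL64.jar', 'lib.jar'

function Test-FractureiserIndicator {
    param(
        # Root of one user's local app data, e.g. $env:LOCALAPPDATA
        [Parameter(Mandatory)] [string] $LocalAppData
    )
    $folder = Join-Path $LocalAppData $IndicatorFolder
    $result = [ordered]@{
        LocalAppData = $LocalAppData
        FolderFound  = $false
        Files        = @()
        Verdict      = 'Folder not found: most likely not infected'
    }
    if (Test-Path -LiteralPath $folder -PathType Container -ErrorAction SilentlyContinue) {
        $result.FolderFound = $true
        # -Force lists hidden and system items that Explorer does not show by default.
        # -contains compares names case-insensitively.
        $hits = @(Get-ChildItem -LiteralPath $folder -File -Force -ErrorAction SilentlyContinue |
                  Where-Object { $IndicatorFiles -contains $_.Name })
        if ($hits.Count -gt 0) {
            # Record a SHA-256 per file so the finding can be reported before cleanup.
            $result.Files = @($hits | ForEach-Object {
                '{0} sha256={1}' -f $_.FullName,
                    (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            })
            $result.Verdict = 'Indicator file present: most likely compromised'
        } else {
            # The article does not cover this case; treat it as needing a manual look.
            $result.Verdict = 'Folder present, named files not found: inspect manually'
        }
    }
    [pscustomobject]$result
}

# Check every profile next to the current one (assumed default layout).
# Other users' folders are only readable from an elevated prompt.
$profilesRoot = Split-Path -Path $env:USERPROFILE -Parent
Get-ChildItem -LiteralPath $profilesRoot -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData\Local' } |
    Where-Object { Test-Path -LiteralPath $_ -PathType Container -ErrorAction SilentlyContinue } |
    ForEach-Object { Test-FractureiserIndicator -LocalAppData $_ } |
    Format-List
```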

In case of infection, it is recommended to completely remove Minecraft from the computer and carefully scan the system with reliable anti-virus software, also checking for extra entries in Windows startup, Task Scheduler and the system registry.

As soon as you are sure that the computer is clean, you can reinstall the game, but for now you should refrain from using plugins from CurseForge and Bukkit, as well as other modifications, at least until there are official statements that the sites are completely cleared of malicious code.

For more technical information about Fractureiser, including how the malware works, how it spreads on the infected system, and the registry paths where the malware can leave files for re-infection, see the researchers' comprehensive report on GitHub.
