A number of Curseforge and dev.bukkit.org (not the Bukkit software itself) accounts were compromised, and malicious software was injected into copies of many popular plugins and mods. Some of these malicious copies have been injected into popular modpacks including Better Minecraft. There are reports of malicious plugin/mod JARs as early as mid-April.
[...]
Stage 3 is the "mastermind" of the malware, and we have evidence that it attempts to do all of the following:
* Propagate itself to all jar files on the filesystem, possibly infecting mods that were not downloaded from CurseForge or BukkitDev
* Steal cookies and login information for many web browsers
* Replace cryptocurrency addresses in the clipboard with alternates that are presumably owned by the attacker
* Steal Discord credentials
* Steal Microsoft and Minecraft credentials
Because of its behavior, we are very confident this is a targeted attack against the modded Minecraft ecosystem. It's quite bad.
Note that because it infects all jar files on an affected user's system, it's not inconceivable that affected people have distributed infected non-Minecraft-related Jar files.
> Even Maven repositories may be infected, and this malware goes back months.
2 comments
[ 3.0 ms ] story [ 15.1 ms ] threadA number of Curseforge and dev.bukkit.org (not the Bukkit software itself) accounts were compromised, and malicious software was injected into copies of many popular plugins and mods. Some of these malicious copies have been injected into popular modpacks including Better Minecraft. There are reports of malicious plugin/mod JARs as early as mid-April.
[...]
Stage 3 is the "mastermind" of the malware, and we have evidence that it attempts to do all of the following:
* Propagate itself to all jar files on the filesystem, possibly infecting mods that were not downloaded from CurseForge or BukkitDev
* Steal cookies and login information for many web browsers
* Replace cryptocurrency addresses in the clipboard with alternates that are presumably owned by the attacker
* Steal Discord credentials
* Steal Microsoft and Minecraft credentials
Because of its behavior, we are very confident this is a targeted attack against the modded Minecraft ecosystem. It's quite bad.
> Even Maven repositories may be infected, and this malware goes back months.