Article Archive
Server Stats
Site Members: 65394

Server IP:
mc.webbcraft.co.uk (5.226.141.73)


The Server is online, running Spigot 1.21.4, with 0/80 players.
Server ping is 18 ms.
SECURITY ALERT
If you've downloaded any mods or plugins from CurseForge, Bukkit, through clients such as PrismLauncher, etc. in the past 3 weeks, you may have malware active on your PC:

A planned attack was launched against the Minecraft modding community, which compromised CurseForge and Bukkit modder accounts, and injected many popular mods and modpacks. Once downloaded, these modified .jars ultimately try to infect every .jar on your system, all of which can then:

This malware is not detectable by things like Windows Security & Firewall, if you're concerned you may have downloaded one of these hacked files, follow the steps below:

You can check whether the malware ever ran on your computer, since the malware attempts to save files at several unusual paths:

Linux: # ~/.config/.data/lib.jar
Windows: # AppData\Local\Microsoft Edge\libWebGL64.jar & AppData\Microsoft\Windows\Start Menu\Programs\Startup

On windows, the file Microsoft Edge SHOULD NOT EXIST, the actual Microsoft Edge folder does not have a space in it: MicrosoftEdge. If you see a folder with the space, it's very possible that the malware has run on your computer. Same goes for the .config/.data/lib.jar on Linux; it shouldn't exist.

This is a very serious and dangerous threat, as IF you've been infected, you have to assume every .jar file on your system is infected. You're advised to remove them all, as well as the paths that shouldn't exist mentioned above.

For all the details, read https://github.com/fractureiser-investigation/fractureiser#non-technical-overview-read-me

Please be safe, and DO NOT download mods or plugins at this time.

~ CCShad on 2023-06-08 04:14:00

This article has been viewed 549 times since 2015-05-01.


Comments (0):

Author Message

Register or Log in to post a comment