If you or your children like to run mods on the Windows or Linux version of Minecraft, you might want to check those installation folders. According to public disclosures from the popular CurseForge and Bukkit mod platforms, both were used to upload compromised versions of popular Minecraft mods infected with malware installation tools. The full extent of the damage has yet to be assessed.

According to Bleeping Computer, popular individual mod developers’ accounts on the platforms were targeted, after which the Fractureiser spyware was smuggled into updated versions of their user mods. API systems automatically updated some of the mods immediately, some of which have millions of recorded downloads. Across CureseForge and Bukkit, at least 25 popular mods were infected over the last three weeks, including the extremely popular Better Minecraft multi-mod package.

The hackers appear to have targeted individual mod developers’ accounts, not the distribution platforms themselves, so it’s not as bad as it could be. Even so, it’s possible that millions of Minecraft players have been delivered Java-based spyware by updating their mods. Scanning tools have been provided to check for potential infections and affected users are instructed to clean their computers (possibly requiring a full operating system reinstallation) and change the passwords on all connected accounts. The malware is known to search for bank account, email, and cryptocurrency logins.

Minecraft players are advised to avoid downloading mods from CurseForge and Bukkit for the time being. As always, practice caution when downloading mods or any kind of software from third-party sources.

Author: Michael Crider, Staff Writer

Michael is a former graphic designer who’s been building and tweaking desktop computers for longer than he cares to admit. His interests include folk music, football, science fiction, and salsa verde, in no particular order.

Recent stories by Michael Crider:

Update now! Chome plugs its fifth emergency zero-day exploit of 2024Ring of bogus web shops steals 850K credit card numbersIf you get a phone call from LastPass, it’s a scam