LESSWRONG
LW

by the gears to ascension
1 min read7th Jun 20235 comments

14

Computer Security & CryptographyPractical
Personal Blog
This is a linkpost for https://github.com/fractureiser-investigation/fractureiser

Send this to anyone who was playing modded Minecraft on work machines. Or anyone playing modded Minecraft at all, really!

New to LessWrong?

Getting Started

FAQ

Library

gamers beware: modded Minecraft has new malware
7th Jun 2023
New Comment
5 comments, sorted by
top scoring
Click to highlight new comments since: Today at 4:48 AM
[-]Dagon10mo92

That link is weirdly embedding rather than just redirecting or referring to a github page.  It doesn't seem malicious, but Firefox at least complained that it violates GitHub's content-security policies on their pages.

https://github.com/fractureiser-investigation/fractureiser seems to be the correct underlying content.  I'd  also recommend you retitle this to "Minecraft mod users beware", as there exists at least one gamer who does not use Minecraft mods.

It does seem like impressively dangerous malware.

Reply2
[-]Garrett Baker10mo20

Place your (fake) bets on whether this was caused by ChatGPT or one of its cousins! https://manifold.markets/GarrettBaker/did-a-llm-contribute-significantly

Reply
[-]qbolec10mo10

Thank you for heads up!

Could you please clarify for parents like me, who don't fully understand Minecraft's ecosystem and just want their kids to stay safe:

1. If my kids only use Minecraft downloaded from the Microsoft Store, and only ever downloaded content from the in-game marketplace - what's the chance they are affected?

2. Am I right in thinking that "mods" = "something which modifies/extends the executable", while "add-ons"="more declarative content which just interacts with existing APIs, like maps, skins, and configs"?

3. Am I right that "Minecraft from Micosoft Store" + "content from in-game marketplace" would translate to "Bedrock Edition" + "add-ons"?

4. Am I right that the fractureiser affects "Java Edition" + "mods" only?

Reply
[-]Thomas Sepulchre10mo10

As someone who played modded minecraft (but I am not the OP, who might have more accurate information and a better understanding)

  • Minecraft downloaded from the Microsoft store is indeed the bedrock edition. If I understand correctly, this version is not affected.
  • Mods are indeed pieces of code which modifies/extends the executable. Some add-ons seem to be very complex, and deeply modify the game (at least from the users perspective), so I'm not sure how clear-cut the separation is here
  • Minecraft bedrock indeed has add-ons, while Java has mods. Only mods are affected.
  • (Not really one of your questions but I think it is relevant). Mods are very easy to download, there are some marketplaces for mods, most notably curseForge. From the user perspective, on curseForge, one can browse through the mods (like an appstore), then click on the install button, and it is downloaded and auto-installed. No more technical knowledge than using the appstore or google play store is required. The virus was embedded in mods on curseForge.

In short, if your kids are on bedrock, then your computers are probably safe.

Reply
[-]β-redex10mo10

The malware is embedded in multiple mods, some of which were added to highly popular modpacks.

Any info on how this happened? This seems like a fairly serious supply chain attack. I have heard of incidents with individual malicious packages on npm or PyPI, but not one where multiple high profile packages in a software repository were infected in a coordinated manner.

Reply
Moderation Log