- cross-posted to:
- securitynews@infosec.pub
- cross-posted to:
- securitynews@infosec.pub
CurseForge created a new support article with the latest known confirmed infected mods/modpacks and a tool to quickly determine if you may have acquired the infected jars
Yet another reminder to sandbox your apps people, otherwise every app/mod u install will always be a risk and an AV should never be your main defense, https://sandboxie-plus.com/ on windows is incredibly simply to use, and on linux just install the prismlauncher flatpak and double-check its permissions via the flatseal app.
Funny thing is I downloaded Better MC about half an hour after this was announced… ig when I get to my PC I’ll delete it. From now on I’m using Modrinth
check for infection too. Fractureiser (the “official” name of the malware) has the ability to spread to other mods
I looked up on here and holy shit. Thankfully I installed on Flatpak so my filesystem should be unaffected(the app only has read only access to downloads).
Maybe this is a good moment to clear my PC from sensitive information xD
I should stop being lazy and using
nix run
.I’ve heard good things about Nix, but it uses systemd and I’m too stubborn to change from my Artix runit setup
Curseforge with the malware again? It’s not the first time I’ve heard this, suspect it’s not the last. It seems that they specify Minecraft, which makes sense as it’s a JAR game with all the vulnerabilities that brings, but could this potentially affect other games they host mods for?
At least we have Modrinth as a functional alternative in the meantime. Modrinth has been my first choice but it’s still missing a lot of big-name projects.
for the longest time Modrinth didn’t have creator monetization, so there was no way for creators to make money off of ads. that kept many modders on Curseforge, but since Modrinth implemented creator monetization months ago, modders have slowly been mirroring to Modrinth