- cross-posted to:
- securitynews@infosec.pub
- cross-posted to:
- securitynews@infosec.pub
You must log in or register to comment.
CurseForge created a new support article with the latest known confirmed infected mods/modpacks and a tool to quickly determine if you may have acquired the infected jars
I really wish that curseforge wasn’t a thing, it just has made everything so much harder, they still have no linux version of their launcher, and the windows one is full of different tracking and stuff that makes it a real hassle to use. I do like modrinth a lot, but it’s still a bit meager when it comes to stuff hosted there. I still use it when I can though :)
On one hand I’m all for linux support, on the other I can’t see them making a launcher that in any way competes with what we already have on the form of things like prism and GD Launcher
Honestly, how much there is on modrinth vastly depends on the version. Modrinth has almost a better selection of mods for modern versions, cf has better legacy version mods.
Yet another reminder to sandbox your apps people, otherwise every app/mod u install will always be a risk and an AV should never be your main defense, https://sandboxie-plus.com/ on windows is incredibly simply to use, and on linux just install the prismlauncher flatpak and double-check its permissions via the flatseal app.
Oh wow, I haven’t heard about Sandboxie in a long while. I tried using it years ago, but I didn’t understand the documentation and gave up. Maybe I should try it out again sometime.
I personally like flatpaks, but sometimes even with Flatseal it’s hard to figure out which permissions are needed for things to work. (For example, I tried making flatpak Calibre open PDFs using another flatpak program, but I never got that working.)
Sandboxing is always a good idea, but depending on what game you play, it might not help, unless you mean sandboxing the entire game.
Take World of Warcraft for example. I don’t use any addon manager, I manually install addons tho I do download them from CurseForge.
They compromised the accounts of developers, so even if you don’t use any app to manage your addons, you’re still at risk because malicious code could be inside the addons themselves. WoW addons are not mentioned in this specific case, but they (potentially) are at risk as well, it wouldn’t be the first time (not the last either).
Not sure it’s possible to sandbox WoW addons, they’re source code and they’re compiled by the WoW client when loaded, you should sandbox the entirety of WoW but I have no idea what impact it has on the gaming experience, nor if it’s feasible at all.
You can fairly easily sandbox a full game, for example on linux im running steam flatpak version which is sandboxed and can play any game from steam. steam has certain permissions it can operate within and anything launched from steam has those same restrictions, basically means it cannot touch my home folder. Now, the flatpak sandbox isn’t 100% great and there are some exploits to escape it, but im assuming most malware is not gonna be targeting flatpak specifically so probably fairly safe
unless you mean sandboxing the entire game
Sandboxie automatically opens any processes/dependencies the sandboxed app opens, under the same sandbox, so it should be fine. The entire game will be sandboxed. The game still runs smoothly on my machine regardless of the sandbox as well.
Curseforge with the malware again? It’s not the first time I’ve heard this, suspect it’s not the last. It seems that they specify Minecraft, which makes sense as it’s a JAR game with all the vulnerabilities that brings, but could this potentially affect other games they host mods for?
At least we have Modrinth as a functional alternative in the meantime. Modrinth has been my first choice but it’s still missing a lot of big-name projects.
for the longest time Modrinth didn’t have creator monetization, so there was no way for creators to make money off of ads. that kept many modders on Curseforge, but since Modrinth implemented creator monetization months ago, modders have slowly been mirroring to Modrinth
I suspect Minecraft specifically is targeted because it’s insanely popular and people download mods willy-nilly for it. But maybe mods for other popular games could be compromised as well? I speculate.
Funny thing is I downloaded Better MC about half an hour after this was announced… ig when I get to my PC I’ll delete it. From now on I’m using Modrinth
check for infection too. Fractureiser (the “official” name of the malware) has the ability to spread to other mods
I looked up on here and holy shit. Thankfully I installed on Flatpak so my filesystem should be unaffected(the app only has read only access to downloads).
Maybe this is a good moment to clear my PC from sensitive information xD
I should stop being lazy and using
nix run.I’ve heard good things about Nix, but it uses systemd and I’m too stubborn to change from my Artix runit setup
Quick update: it appears I actually haven’t been infected. I even scanned with a fractureiser detector from github and nothing showed up. And yesterday I even ran Better MC, so I think my instance is actually safe.
just make sure not to fetch any updates
This is not necessarily related to mod distribution platform (it was a malware, not Curseforge compromise), but I guess Modrinth has better moderation.
Damn, why did I have to find out while I’m at work 😅
