• sotolf@beehaw.org
    link
    fedilink
    English
    arrow-up
    12
    ·
    2 years ago

    I really wish that curseforge wasn’t a thing, it just has made everything so much harder, they still have no linux version of their launcher, and the windows one is full of different tracking and stuff that makes it a real hassle to use. I do like modrinth a lot, but it’s still a bit meager when it comes to stuff hosted there. I still use it when I can though :)

    • png@kbin.social
      link
      fedilink
      arrow-up
      2
      ·
      2 years ago

      Honestly, how much there is on modrinth vastly depends on the version. Modrinth has almost a better selection of mods for modern versions, cf has better legacy version mods.

  • ch1cken@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    11
    ·
    2 years ago

    Yet another reminder to sandbox your apps people, otherwise every app/mod u install will always be a risk and an AV should never be your main defense, https://sandboxie-plus.com/ on windows is incredibly simply to use, and on linux just install the prismlauncher flatpak and double-check its permissions via the flatseal app.

    • Daryl Sun@beehaw.org
      link
      fedilink
      English
      arrow-up
      5
      ·
      2 years ago

      Oh wow, I haven’t heard about Sandboxie in a long while. I tried using it years ago, but I didn’t understand the documentation and gave up. Maybe I should try it out again sometime.

      I personally like flatpaks, but sometimes even with Flatseal it’s hard to figure out which permissions are needed for things to work. (For example, I tried making flatpak Calibre open PDFs using another flatpak program, but I never got that working.)

    • Ulu-Mulu-no-die@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      2 years ago

      Sandboxing is always a good idea, but depending on what game you play, it might not help, unless you mean sandboxing the entire game.

      Take World of Warcraft for example. I don’t use any addon manager, I manually install addons tho I do download them from CurseForge.

      They compromised the accounts of developers, so even if you don’t use any app to manage your addons, you’re still at risk because malicious code could be inside the addons themselves. WoW addons are not mentioned in this specific case, but they (potentially) are at risk as well, it wouldn’t be the first time (not the last either).

      Not sure it’s possible to sandbox WoW addons, they’re source code and they’re compiled by the WoW client when loaded, you should sandbox the entirety of WoW but I have no idea what impact it has on the gaming experience, nor if it’s feasible at all.

      • hschen
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        2 years ago

        You can fairly easily sandbox a full game, for example on linux im running steam flatpak version which is sandboxed and can play any game from steam. steam has certain permissions it can operate within and anything launched from steam has those same restrictions, basically means it cannot touch my home folder. Now, the flatpak sandbox isn’t 100% great and there are some exploits to escape it, but im assuming most malware is not gonna be targeting flatpak specifically so probably fairly safe

      • ch1cken@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        2 years ago

        unless you mean sandboxing the entire game

        Sandboxie automatically opens any processes/dependencies the sandboxed app opens, under the same sandbox, so it should be fine. The entire game will be sandboxed. The game still runs smoothly on my machine regardless of the sandbox as well.

  • grimaferve@kbin.social
    link
    fedilink
    arrow-up
    7
    ·
    2 years ago

    Curseforge with the malware again? It’s not the first time I’ve heard this, suspect it’s not the last. It seems that they specify Minecraft, which makes sense as it’s a JAR game with all the vulnerabilities that brings, but could this potentially affect other games they host mods for?

    At least we have Modrinth as a functional alternative in the meantime. Modrinth has been my first choice but it’s still missing a lot of big-name projects.

    • salaruaOP
      link
      fedilink
      English
      arrow-up
      6
      ·
      2 years ago

      for the longest time Modrinth didn’t have creator monetization, so there was no way for creators to make money off of ads. that kept many modders on Curseforge, but since Modrinth implemented creator monetization months ago, modders have slowly been mirroring to Modrinth

    • Pigeon@beehaw.org
      link
      fedilink
      arrow-up
      2
      ·
      2 years ago

      I suspect Minecraft specifically is targeted because it’s insanely popular and people download mods willy-nilly for it. But maybe mods for other popular games could be compromised as well? I speculate.

  • IcedCoffeeBitch@beehaw.org
    link
    fedilink
    English
    arrow-up
    4
    ·
    2 years ago

    Funny thing is I downloaded Better MC about half an hour after this was announced… ig when I get to my PC I’ll delete it. From now on I’m using Modrinth

    • salaruaOP
      link
      fedilink
      English
      arrow-up
      5
      ·
      2 years ago

      check for infection too. Fractureiser (the “official” name of the malware) has the ability to spread to other mods

      • IcedCoffeeBitch@beehaw.org
        link
        fedilink
        English
        arrow-up
        5
        ·
        2 years ago

        I looked up on here and holy shit. Thankfully I installed on Flatpak so my filesystem should be unaffected(the app only has read only access to downloads).

        Maybe this is a good moment to clear my PC from sensitive information xD

      • IcedCoffeeBitch@beehaw.org
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 years ago

        Quick update: it appears I actually haven’t been infected. I even scanned with a fractureiser detector from github and nothing showed up. And yesterday I even ran Better MC, so I think my instance is actually safe.

        • salaruaOP
          link
          fedilink
          English
          arrow-up
          2
          ·
          2 years ago

          just make sure not to fetch any updates

    • sus@infosec.pub
      link
      fedilink
      English
      arrow-up
      4
      ·
      2 years ago

      This is not necessarily related to mod distribution platform (it was a malware, not Curseforge compromise), but I guess Modrinth has better moderation.