Take me to...
- What happened?
- How do I know if I am infected, and what to do?
- Live list of confirmed mods that were infected
What happened?
Following reports that we received we found that a malicious user has created several accounts and uploaded projects containing malware to the platform. We have banned all accounts relevant to this.
In collaboration with the author community, the CurseForge team has undertaken a thorough investigation to address this issue promptly and ensure that such malicious actions are prevented from happening in the future. Our primary objective is to provide a swift resolution and implement preventive measures.
This article will provide you with instruction on how to use a detector tool that will help you identify if your computer has been infected.
How do I know if I am infected, and what to do?
First look at the list of project at the bottom of this article. If you know you haven't downloaded any of those projects in the past month, you should be safe.
Also note that this malware only infects Windows and Linux, not Mac.
That being said if you're not sure, or want to check to be sure, proceed below.
There are 2 steps to take to make sure you are safe:
Detect if you are already infected
- Download the detection tool from here (Windows) or here (Linux) and run it. GitHub project can be found here.
This tool will check if you are already infected. The tool will provide a list of the files detected on your PC.
See example below: - If you’ve run the detection tool and was found to be infected, first make sure to display hidden files.
On windows simply go to to the top of your file explorer window(any opened folder) and click View>Check "Hidden Items"
- If you still don't see the files after showing hidden items, go into View>Options and remove the check from "Hide protected operating system files". Click Yes on the warning. You can hide them again after deleting the infected files.
- Go to each file destination and delete those files.
Delete the "Microsoft Edge" (with space) folder completely. Normal Edge folder is without space in the name. This malware specifically creates a folder with the space in it.
Additionally to the above steps if found infected, as a safety measure we recommend running independent malware scanning tools and changing any important passwords you have.
Detect if you have any dormant / other infected mods/Jar files
- After completing the previous step, run the Jar Malware Scanning tool for to be sure if your other mods that are not on the list below have been infected. This tool scans for stage 0 vulnerability and will be able to detect any infected Jars.
Run the tool linked here. Full Github here.
Make sure to run this tool even if you were not found infected in step 1 - Use the tool to scan all folders that contain Minecraft mod Jars installed on your PC.
Click "Browse" and choose a folder that contains jar files, then click "Scan". This will check the selected folder and all it's sub-folders.
If an infected file has been found you will see a message. See the example below. In that case, delete that Jar.
Make sure to cover all folders on your PC containing Mods/Packs.
Live list of confirmed mods that were infected (Last Updated - 06/11/2023 08:53 UTC)
Projects that were infected and are now fixed:
Most of the projects from LunaPixelStudios - It is advised to ensure that you have the latest version of any modpack, as the necessary fixes should already be available for those modpacks, and the infected files deleted.
Mods
| Mod Name | Total non-unique downloads at time of detection |
1. Buried Barrels | 5 |
2. Sky Villages [Forge/Fabric] | 481 |
3. Simply Houses | 169 |
4. Skyblock Core | 44 |
5. When Dungeons Arise -Forge/Fabric | 1,248 |
Modpacks
| Modpack Name | Total non-unique downloads at time of detection |
| 1. Better MC [Forge] - BMC3 | 1,040 |
| 2. Medieval MC [Forge] - MMC3 | 246 |
| 3. Prominence [Forge] | 23 |
Projects that are infected and taken down permanently:
Mods
| Mod Name | Total non-unique downloads at time of detection |
1. Golem Awakening | 11 |
| 2.Phanerozoic Worlds | 283 |
| 3. Autobroadcast | 21 |
| 4. Museum Curator Advanced | 48 |
| 5. Vault Integrations (Bug Fix) *Note - Not the Modpack Vault Integrations | 160 |
| 6. dungeonx * Note - Not DungeonZ | 1,227 |
| 7. More and Ore advanced | 257 |
| 8. Anti ChatReport | 61 |
| 9. Additional Weapons+ | 644 |
| 10. Create: Diesel and Oil Generators | 366 |
| 11. Ultra Swords Mod | 445 |
| 12. Simple Frames | 41 |
| 13. XPClumps *Note - Not Clumps | 50 |
| 14. Target Dummy | 33 |
| 15. Sleeping Bags | 50 |
Modpacks
| Modpack Name | Total non-unique downloads at time of detection |
| 1. UVision ENHANCED(server pack only) | 2 |
| 2. UVision Server(server pack only) | 1 |
| 3. UVision LITE (server pack only) | 2 |
Bukkit Plugins
| Bukkit Plugin Name | Total non-unique downloads at time of detection |
| 1. AmazingTitles | 27 |
| 2. HavenElytra | 83 |
| 3. DisplayEntityEditor | 23 |
| 4.The Nexus Event Custom Event | 15 |
| 5. SimpleHarvesting | 20 |
| 6. McBounties | 18 |
| 7. Easy Custom Foods | 21 |
| 8. AntiCommandSpam Bungeecord Support | 12 |
9. UltimateLevels | 12 |
| 10. AntiRedstoneCrash | 11 |
| 11. hydrationPlugin | 33 |
| 12. NoVPN | 14 |
13. Fragment Permission Plugin | 29 |
| 14. Skelegram - The Skript Telegram Addon! | 17 |
15. AntiCrashXXL | 78 |
16. Holographic Plots | 39 |
| 17. Beacon Waypoints | 31 |
| 18. Treecapitator | 264 |
| 19. PaperCurrency | 24 |
| 20. The Auction House | 103 |
| 21. AlwaysChicken | 30 |
| 22. Tpa Deluxe Simple Teleportation | 286 |
| 23. Floating Damage | 151 |
| 24. MinecraftGPT | 27 |
| 25. DoubleJump Plus | 30 |
26. SculkInvasion | 40 |
| 27. SimpleHealing | 15 |
| 28. Vanilla Challenges | 31 |
| 29. TPS Bar | 66 |
| 30. SemiHardcore | 41 |
| 31. TNT Tag Minigame | 34 |
| 32. Command Timers | 45 |
| 33. InstaSmelt | 22 |
| 34. Neo Performance | 45 |
| 35. Chat Games | 22 |
| 36. ServManager | 34 |