Minecraft mod vulnerability lets hackers gain remote access to players’ PCs


Minecraft players, including server administrators, are currently at risk of a security breach that enables malicious actors to execute code remotely on their devices.

The vulnerability, known as ‘BleedingPipe,’ was identified by the Minecraft Malware Prevention Alliance (MMPA). Hackers are exploiting it in mods built on the Forge framework, including some versions of Astral Sorcery, EnderCore, and Gadomancy.

This flaw allows intruders to remotely control the servers and devices of players who are running one of these mods on Forge 1.7.10/1.12.2.

According to Bleeping Computer, BleedingPipe takes advantage of a flaw in the way a Java class is deserialized in the mods’ code. To gain control, an attacker simply needs to send specific network traffic to a server. The first instances of BleedingPipe attacks were reported in March 2022 and were promptly addressed by the modders. However, the MMPA has learned that many servers that use the mods have not yet been updated.

In one instance, a hacker used a new exploit variant to breach a Minecraft server and steal both the credentials of Discord chatters and the Steam session cookies of players.

The MMPA has warned that a malicious actor has scanned all Minecraft servers on the IPv4 address space and could have deployed a harmful payload to them. Any server running an affected mod may be infected. BleedingPipe, a Java logging library exploit, is similar to another recently discovered Log4j exploit but not identical. Minecraft.net, an official Microsoft site, has posted a warning and mitigations for the Log4j vulnerability to address this issue.

To protect yourself, the MMPA advises players who play on others’ servers to scan their .minecraft directory for infected files using a scanner like JSus or jNeedle. Dogboy21 suggests downloading his patch if you use any of the mods. If you run a server, the MMPA recommends running JSus or jNeedle on all installed mods and, if you use EnderIO or LogisticsPipes, updating them to the latest versions. Additionally, the group suggests switching to the “GT New Horizons” fork of BDLib if you use that mod, and installing their security mod PipeBlocker to prevent these attacks.


MudGames