The Minecraft Malware Prevention Alliance (MMPA) has warned Minecraft players about a new vulnerability that could allow cybercriminals to remotely execute code and install malware on victims’ devices.
Fortunately, although it is being actively exploited, the attack is well known in the Java community, so developers already know what is involved in releasing a fix.
The scale of this attack, however, was less fortunate. According to MMPA, “a bad actor scanned all Minecraft servers in the IPv4 address space.” The group assumes that a malicious payload may then have been placed on all affected servers.
Minecraft malware is widespread
Dubbed ‘BleedingPipe’, the exploit allows full remote code execution on clients and servers running some Minecraft mods on at least versions 1.7.10/1.12.2 of Forge.
Some of the known affected mods are EnderCore, LogisticsPipes and BDLib, which have been fixed for the GT New Horizons versions. Others include Smart Moving 1.12, Brazier, DankNull, and Gadomancy.
Although the vulnerability has been heavily exploited, MMPA says there have been no cases of this scale in Minecraft to date.
The group says: “We don’t know what the content of the exploit was or if it was used to exploit other clients, although it is very possible with the exploit.”
Server administrators are urged to regularly check for suspicious files and to apply updates and security patches as they become available to protect players. Players can also check for suspicious files, with both jSus and jNeedle being recommended scan tools.
More generally, running effective endpoint security software on consumer machines and being prepared is always good practice.
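As a first step before patching, an administrator can inventory which installed jars belong to the mods named above. The script below is an added example, not code from MMPA or any of the mod projects; it assumes each mod jar carries Forge's `mcmod.info` metadata file and that matching on a normalized mod id or name is good enough to flag a jar for review. It does not detect malicious payloads, so it complements rather than replaces a scanner such as jSus or jNeedle.

```python
import json
import re
import sys
import zipfile
from pathlib import Path

# Mod names as listed in the article. It gives no fixed version numbers, so a
# hit means "check this jar for a patched release", not "confirmed vulnerable".
AFFECTED = ["EnderCore", "LogisticsPipes", "BDLib", "Smart Moving",
            "Brazier", "DankNull", "Gadomancy"]

def normalize(text):
    """Lowercase and strip non-alphanumerics so 'Smart Moving' == 'smartmoving'."""
    return re.sub(r"[^a-z0-9]", "", str(text).lower())

AFFECTED_KEYS = {normalize(n): n for n in AFFECTED}

def mods_in_jar(jar):
    """Return (modid, name, version) tuples from a Forge jar's mcmod.info."""
    try:
        with zipfile.ZipFile(jar) as zf:
            meta = json.loads(zf.read("mcmod.info").decode("utf-8", "replace"), strict=False)
    except (KeyError, ValueError, zipfile.BadZipFile, OSError):
        return []  # no metadata, unreadable archive, or malformed JSON
    if isinstance(meta, dict):  # some files wrap the list in "modList"
        meta = meta.get("modList", [])
    if not isinstance(meta, list):
        return []
    return [(m.get("modid", ""), m.get("name", ""), m.get("version", "?"))
            for m in meta if isinstance(m, dict)]

def flag_affected(jar):
    """Return [(article_name, version)] for mods in the jar that the article names."""
    hits = []
    for modid, name, version in mods_in_jar(jar):
        match = AFFECTED_KEYS.get(normalize(modid)) or AFFECTED_KEYS.get(normalize(name))
        if match:
            hits.append((match, version))
    return hits

def scan_mods_dir(mods_dir):
    """Map jar filename -> hits for every jar under a mods folder."""
    report = {jar.name: flag_affected(jar) for jar in sorted(Path(mods_dir).rglob("*.jar"))}
    return {name: hits for name, hits in report.items() if hits}

if __name__ == "__main__":
    for jar_name, hits in scan_mods_dir(sys.argv[1] if len(sys.argv) > 1 else "mods").items():
        for mod, version in hits:
            print(f"{jar_name}: {mod} {version} - check for a patched release")
```

Run it with the path to a server or client `mods` folder as the only argument; it defaults to `./mods`.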