In a concerning development, hackers have once again targeted the Minecraft community to distribute infostealers, capable of compromising cryptocurrency transactions and stealing valuable user data. Cybersecurity researchers at Bitdefender have discovered that unknown hackers successfully compromised multiple developer accounts on CurseForge and Bukkit, well-known modding communities for Minecraft enthusiasts.
The compromised accounts were used to inject infostealing malware into various mods and plugins, which were then added to different modpacks. As a result, the malware-infected mods have been downloaded by millions of Minecraft players, exposing them to potential risks. The researchers at Bitdefender first detected signs of the malware in late April 2023, indicating ongoing development and refinement by the attackers.