The Minecraft Malware Prevention Alliance (MMPA) has issued a warning about a new vulnerability in Minecraft that cybercriminals are exploiting. The vulnerability, known as ‘BleedingPipe,’ allows attackers to run remote code and plant malware on both clients and servers running certain Minecraft mods on versions 1.7.10/1.12.2 of Forge.
The scale of the attack is concerning, as the group believes that a bad actor scanned all Minecraft servers on the IPv4 address space, potentially deploying a malicious payload to all affected servers. Some of the known affected mods include EnderCore, LogisticsPipes, and BDLib, among others.
The MMPA advises server admins to regularly check for suspicious files and promptly apply updates and security patches to protect players. Players themselves can use scanning tools like jSus and jNeedle to check for suspicious files. It’s essential for players to maintain effective endpoint protection software on their devices to be prepared for such threats.
The good news is that developers are already familiar with this type of attack from the Java community, and fixes for the affected mods are likely to be issued promptly to address the vulnerability. Nonetheless, it’s crucial for Minecraft players to stay vigilant and take necessary precautions to protect themselves from potential malware attacks.
