2 min read

'Fractureiser' Malware Discovered in Minecraft Mods, Spreading Uncertainty


June 08, 2023

Promo Protect all your devices, without slowing them down.
Free 30-day trial
'Fractureiser' Malware Discovered in Minecraft Mods, Spreading Uncertainty

In a troubling development for the global gaming community, cybersecurity researchers have identified a potentially dangerous new malware known as "Fractureiser."

The insidious program lurks within various Minecraft modifications (mods) and plugins, raising significant concern among gamers and security experts.

Popular platforms such as CraftBukkit and CurseForge are reportedly affected, with threat actors using their websites to upload the malware-laced plugins.

"A number of Curseforge and dev.bukkit.org (not the Bukkit software itself) accounts were compromised, and malicious software was injected into copies of many popular plugins and mods," reads a security advisory from Fractureiser's GitHub repository. "Some of these malicious copies have been injected into popular modpacks including Better Minecraft. There are reports of malicious plugin/mod JARs as early as mid-April."

Particularly alarming is the malware's presence within modpacks, collections of game themes bundled together for player convenience. These modpacks allow players to easily switch between different mods and are immensely popular among Minecraft players of various ages.

Though these modifications offer a wealth of gameplay enhancements, the very feature that makes them appealing—their convenience—has made them a vehicle for the rapid spread of the Fractureiser malware.

The researchers working on the Fractureiser GitHub repository have described this virus as "incredibly dangerous," asserting that any system infected by this malware should be considered "completely compromised."

Researchers discovered that the malware has a plethora of destructive capabilities, including the ability to:

  • Propagate itself to all JAR files on the system, spreading to mods that were not initially infected, as well as other Java programs
  • Inject arbitrary cryptocurrency addresses in the clipboard
  • Steal cookies and user credentials from web browsers
  • Exfiltrate credentials for Discord, Microsoft and Minecraft

Given the unknowns surrounding Fractureiser, users are advised to remain vigilant and stay informed about the ongoing research. In the interim, GitHub researchers have provided instructions on identifying potential indications of compromise and taking necessary mitigation steps.

CurseForge released a statement, saying it addressed the issue by banning accounts linked to the malware, analyzing all new projects and files to ensure their integrity and safety, and suspending approval of new files until the issue is resolved. CurseForge emphasized that its platform is not compromised, as no admin account was hacked, and that the malware only affects Minecraft users.

This incident reminds us that the appeal of gaming platforms also makes them attractive to threat actors, so the battle to ensure the safety and security of users against such stealthy cyber threats continues.

Using specialized software like Bitdefender Ultimate Security can give you the upper hand against cunning cyberthreats like Fractureiser. Key features include:

  • Continuous, all-around monitoring and protection against viruses, Trojans, worms, zero-day exploits, spyware, rootkits, ransomware and other digital threats
  • Behavioral detection module that closely monitors active apps and takes instant action upon detecting suspicious activity
  • Network threat prevention technology that can identify and block suspicious network-level activities, including malware- and botnet-related URLs, brute-force attacks, and sophisticated exploits




Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.

View all posts

You might also like