If you’re a Minecraft mod enthusiast, it’s time to be vigilant. The security group MMPA has discovered that a “BleedingPipe” vulnerability in the Forge framework, which powers many mods such as Astral Sorcery, EnderCore, and Gadomancy, is being exploited by hackers. When the game modifications run on Forge versions 1.7.10/1.12.2, it leaves a window open for attackers to remotely commandeer servers and even individual players’ devices. Shockingly, some hackers have already leveraged this flaw to infiltrate a Minecraft server, subsequently stealing Discord chat credentials and Steam session cookies of players.
Delving deeper, Bleeping Computer clarified that the BleedingPipe flaw stems from inappropriate deserialization of a class within the Java code that operates these mods. To gain control, attackers simply need to send specifically designed network traffic to the targeted server. Although traces of these attacks date back to March 2022 and were promptly addressed by the modding community, MMPA believes the majority of servers with these mods remain unpatched.
Although Microsoft owns Mojang, the creators of Minecraft, it doesn’t oversee Forge and hence might not be directly able to intervene in this situation. For those who play the original Minecraft version or prefer solo gameplay, there’s no immediate threat.
The extent of this vulnerability is still uncertain. While 46 mods have been identified as susceptible to the BleedingPipe exploit, the actual number might be higher. For precaution, it’s recommended that users scan their devices, including their Minecraft directory, for potential malware. For server admins, it’s advised to either update the affected mods or halt their usage. For added security, MMPA offers a PipeBlocker mod to safeguard users, although compatibility issues might arise if the mods aren’t up-to-date.
