Minecraft players interested in modding are potentially at risk of compromise. A Remote Code Execution (RCE) vulnerability in certain Minecraft mods allows for malicious commands on both servers and clients. The vulnerability, named BleedingPipe, allows attackers to take over a targeted server.

Minecraft modding is immensely popular, with a potentially huge number of servers in the wild doing their own thing. There’s a custom game type or world state for everybody. The problem is that so many of them have been set up in a way which allows for this vulnerability to take hold.

As Bleeping Computer notes, the compromised servers are only the first link in the chain. With the server taken over, attackers can then turn their attention to the players inhabiting those servers. They exploit the issues residing in the mods used by the people playing, which permits them to make malicious installations on their PCs.

Given that Minecraft has around 140 million monthly active players, this isn’t great news. While a lot of them are playing on console and so not susceptible to Windows malware, a huge modding base exists in PC land.

From the Minecraft security (MMPA) article highlighting details of the attack:

BleedingPipe is an exploit being used in the wild allowing FULL remote code execution on clients and servers running popular Minecraft mods on 1.7.10/1.12.2 Forge (other versions could also be affected), alongside some other mods. This is a vulnerability in mods using unsafe deserialization code, not in Forge itself.

The article goes on to list some of the affected mods, and it’s worth noting that this list is by no means exhaustive:

EnderCore (dependency of EnderIO). The GT New Horizons fork has been fixed, and the original has been as well, but EnderIO’s minimum versions has not yet been updated.

This has once again been fixed in GT New Horizons version as of July 25, 2023, and the original is fixed since version 0.10.0.71. If you have played on a server with a vulnerable version, assume you are infected.

Once again, GTNH fork has this fixed, but the developer of the original currently does not plan to fix it. Assume you are infected if you have played on a server and are not on the GTNH fork.

The article also claims a similar issue was first reported back in 2022. After having been addressed, this problem has resurfaced in various forms, impacting several mods along the way. The individuals behind the attack have “scanned all Minecraft servers on the IPv4 address space to mass-exploit vulnerable servers”. At time of writing, nobody knows the payload content being sent to potentially vulnerable servers.

Server admins are advised to check for suspicious files, along with updating or removing vulnerable mods. For players, the news isn’t particularly reassuring:

As a player if you don’t play on servers, you are not affected.

Essentially, don’t play or run various scans after a Minecraft session and hope for the best. There is also the option of installing a mod called PipeBlocker on forge servers and clients, which protects against the BleedingPipe vulnerability.

Abusing game servers is an occasionally used technique to infect as many people as possible. Something similar happened this past week when Call of Duty servers were taken offline due to a similar approach. The smash hit DayZ game was famously attacked back in 2014 in much the same fashion.

Connecting to other devices or servers is always a potential risk, and where modding is thrown into the mix you can never be 100% sure that everything is as it should be.

We don’t just report on threats, we remove them. Cybersecurity risks should never spread beyond a headline.
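To make the "unsafe deserialization code" in the MMPA quote concrete, here is an added example (not code from the MMPA article, PipeBlocker, or any affected mod) showing a Java reader that instantiates whatever class the peer names, next to one that refuses anything off an allow-list. The class names, the allow-list contents and the payloads are hypothetical and constructed for illustration; the "unexpected" payload is a benign `HashMap`.

```java
import java.io.*;
import java.util.*;

public class AllowListDeserialization {
    // Assumption: the only classes this hypothetical packet handler expects.
    private static final Set<String> ALLOWED = new HashSet<>(Arrays.asList(
            "java.util.ArrayList", "java.lang.Integer", "java.lang.Number"));

    // Checks every class descriptor in the stream before the class is loaded.
    static final class FilteredInput extends ObjectInputStream {
        FilteredInput(InputStream in) throws IOException { super(in); }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (!ALLOWED.contains(desc.getName())) {
                throw new InvalidClassException(desc.getName(), "class not on allow-list");
            }
            return super.resolveClass(desc);
        }
    }

    // Unsafe pattern: the remote peer chooses which class gets instantiated.
    static Object readUnsafe(byte[] payload) throws IOException, ClassNotFoundException {
        return new ObjectInputStream(new ByteArrayInputStream(payload)).readObject();
    }

    // Hardened pattern: same wire format, but only expected classes are resolved.
    static Object readFiltered(byte[] payload) throws IOException, ClassNotFoundException {
        return new FilteredInput(new ByteArrayInputStream(payload)).readObject();
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new ArrayList<>(Arrays.asList(1, 2, 3)));   // constructed sample
        byte[] unexpected = serialize(new HashMap<String, String>());           // benign stand-in
        System.out.println("unsafe reader accepts: " + readUnsafe(unexpected).getClass().getName());
        System.out.println("filtered reader accepts: " + readFiltered(expected));
        try {
            readFiltered(unexpected);
        } catch (InvalidClassException e) {
            System.out.println("filtered reader rejects: " + e.getMessage());
        }
    }
}
```

The `resolveClass` override is used here because it works on the Java 8 runtimes that 1.7.10/1.12.2 Forge typically runs on; on Java 9 and later, `ObjectInputFilter` offers the same control without subclassing.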