Playing with unpatched mods in Minecraft has become "absolutely dangerous" due to a discovered exploit
Advice for Minecraft server administrators: It is strongly recommended to immediately restrict access to Echo Shards as this news can be very alarming. According to the Minecraft Malware Prevention Alliance (MMPA) - yes, such an organization exists - users have noticed a vulnerability that affects numerous Minecraft servers and is linked to various popular mods. Hackers can exploit this vulnerability to take control of players' devices.
In a blog post on the Minecraft Malware Prevention Alliance (MMPA) website (via Tom's Hardware), it is mentioned that "this vulnerability is well known in the Java community and has been fixed in other mods before." Although it is not a new problem, the post emphasizes that "none of them have reached this scale in the Minecraft community."
A Computer Science student, known as Dogboy21 on GitHub, discovered around 36 mods that are susceptible to the so-called "Bleeding Pipe" attack. They warn that "playing with unpatched mods is absolutely dangerous" at the moment.
Hackers have already attempted (and in some cases, succeeded) in gaining access to Microsoft tokens and browser sessions. However, due to their ability to execute any code on the target system, their actions can be virtually limitless.
Comments