Minecraft Mods Are Vulnerable To Exploits As Researchers Detect BleedingPipe Flaw

Posted on August 1, 2023 at 9:57 AM

Minecraft Mods Are Vulnerable To Exploits As Researchers Detect BleedingPipe Flaw

Some Minecraft mods are vulnerable to a bug that calls for the use of antivirus tools. A report by the MMPA security community noted that threat actors were exploiting the BleedingPipe vulnerability within the Forge framework. This framework powered a wide range of mods.

Minecraft mods allow hackers to breach the BleedingPipe flaw

The vulnerability these threat actors exploit includes versions of Astra Sorcery, EnderCore, and Gadomancy. One of the tweaks in this game is operating under Forge 1.7.10/1.12.2.

The intruders behind this hacking attack could gain remote control over the two servers and the gamers’ devices. In one instance, the threat actors deployed a new exploit variant to gain access to a Minecraft server to steal the Discord chatters’ credentials and the Steam session cookies on Steam.

The report said that the hacking campaign is a deserialization exploit of a gadget chain. There was a wide range of exploited cases, but none reported by the hackers have been of a massive volume within the Minecraft community.

“The first hints of this exploit in this specific list of mods go back all the way to March 2022, when this issue was posted on BDLib’s GitHub, hinting at a vulnerability in ObjectInputStream. The GTNH team promptly merged a fix into their fork,” the report said.

After the hacker obtained initial access to the targeted device, the issue progressed for a while until MineYourMind revealed a flaw within the Enigmatica 2 Expert server. The report said that on July 9, 2023, a post on the Forge forum used an RCE that ran on a server and compromised it to send the Discord data of clients.

The issue was confirmed patched in a July 24, 2023 update. The company announced it had issued a fix to the patch and was also working with the developers to install these upgrades.

BleedingPipe flaw attributed to attacks on the Minecraft mods

A report by Bleeping Computer said that the BleedingPipe flaw relied on the inaccurate deserialization of a class within the Java code that powers the mods. Depending on these mods, users will have to transfer the special network traffic to a server allowing them to take control.

The initial evidence of these attacks using the BleedingPipe flaw was noted in March 2022. The flaw was swiftly patched using modders. However, the researchers at MMPA said that they had an understanding that the majority of the servers using mods were yet to be updated.

The payload these hackers launched within the compromised system has yet to be detected. The server administrators are advised to monitor all the mods and note any suspicious file additions through the jNeedle and jSus scanners.

The players using the mods were vulnerable and advised to complete similar scans within the .minecraft directory or the default directory. Those using desktop devices are advised to conduct an antivirus scan and monitor any malicious executables available within the system.

A hacker that wants to mitigate these mods, in general, has to install the PipeBlocker on the clients and the forge servers. Users should also update LogisticsPipes and the other mods to the latest versions. The pre-made modpacks might result in instability and break after updating all the mods.

Mojang’s parent company, Microsoft, is not behind Forge. As such, the tech giant cannot stop or limit the damage caused by this hacking campaign. Users will not be affected if they stock Minecraft or abide by single-player sessions. As such, the hacking campaign did not affect all Minecraft users.

The entire scope of this security flaw is yet to be determined. Currently, 46 mods are known to fall victim to the BleedingPipe flaw. There is a possibility that more mods might be vulnerable to hacks, which is a cause for concern for the affected users.

Users need to run a scan on their system, such as the Minecraft folder, to run a malware campaign. Several server operators are advised to run an update on their mods and ensure that they were not deployed entirely. The PipeBlocker mod will also play a vital role in protecting those affected by the flaw. However, the mod packs might be issued in case mods are not updated.

Summary
Minecraft Mods Are Vulnerable To Exploits As Researchers Detect BleedingPipe Flaw
Article Name
Minecraft Mods Are Vulnerable To Exploits As Researchers Detect BleedingPipe Flaw
Description
Minecraft mods are vulnerable to hacking campaigns. Hackers exploited a BleedingPipe flaw on the Forge framework. The attackers behind the campaign could achieve remote control over two servers and the devices of gamers.
Author
Publisher Name
Koddos
Publisher Logo

Share this:

Related Stories:

Aug 30, 2023
Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings
Aug 22, 2023
High-Severity WinRAR Flaw Allows Hackers To Assume Control Over PCs
Koddos

Newsletter

Get the latest stories straight
into your inbox!

Popular Articles

Aug 30, 2023
Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings
Aug 29, 2023
Compromised routers allowed online criminals to target Pentagon contract site
Aug 28, 2023
1.2 million customers of Mom’s Meals were affected after the recent data breach
Aug 28, 2023
How VPNs Can Defend Against the Threat of Hacking
Aug 23, 2023
Terra Developers Shut Down Website Amid A Phishing Campaign

YOUTUBE

Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading