Minecraft players under threat from sneaky new malware
The Minecraft Malware Prevention Alliance (MMPA) has warned Minecraft players of a new vulnerability that can allow cybercriminals to run remote code and plant malware on victims’ devices.
Fortunately, despite being actively exploited, it is an attack that is familiar among the Java community and as such, developers are already well-informed when it comes to issuing a fix.
Not so fortunately, though, in the case of this attack, was the scale. According to MMPA, “a bad actor scanned all Minecraft servers on the IPv4 address space.” Following this, the group reckons that a malicious payload might have been deployed onto all affected servers.
Minecraft malware is widespread
The exploit, dubbed ‘BleedingPipe,’ allows full remote code execution on clients and servers running some Minecraft mods on at least versions 1.7.10/1.12.2 of Forge.
Among some of the known affected mods are EnderCore, LogisticsPipes, and BDLib, which have been fixed for the GT New Horizons versions. Others include Smart Moving 1.12, Brazier, DankNull, and Gadomancy.
Despite being a highly exploited vulnerability, MMPA says that no instances have been to this scale in Minecraft so far.
The group says: “We do not know what the contents of the exploit were or if it was used to exploit other clients, although this is very much possible with the exploit.”
Server admins are urged to regularly check for suspicious files, as well as apply updates and security patches as soon as they become available in order to protect players. Players, too, can check for suspicious files, with both jSus and jNeedle being recommended scanning tools.
More broadly, maintaining effective endpoint protection software on consumer machines and being prepared is always good practice.
The Minecraft Malware Prevention Alliance (MMPA) has warned Minecraft players of a new vulnerability that can allow cybercriminals to run remote code and plant malware on victims’ devices. Fortunately, despite being actively exploited, it is an attack that is familiar among the Java community and as such, developers are already…
Recent Posts
Archives
- July 2026
- June 2026
- May 2026
- April 2026
- March 2026
- February 2026
- January 2026
- December 2025
- November 2025
- October 2025
- September 2025
- August 2025
- July 2025
- June 2025
- May 2025
- April 2025
- March 2025
- February 2025
- January 2025
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023