{"id":52254,"date":"2023-06-08T14:07:37","date_gmt":"2023-06-08T14:07:37","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34706\/Dozens-Of-Popular-Minecraft-Mods-Found-Infected-With-Fracturiser-Malware.html"},"modified":"2023-06-08T14:07:37","modified_gmt":"2023-06-08T14:07:37","slug":"dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\/","title":{"rendered":"Dozens Of Popular Minecraft Mods Found Infected With Fracturiser Malware"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/05\/system-hacked-800x450.jpg\" alt=\"Dozens of popular Minecraft mods found infected with Fracturiser malware\"><figcaption class=\"caption\">\n<div class=\"caption-credit\">Getty Images<\/div>\n<\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/information-technology\/2023\/06\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">22<\/span> <span class=\"visually-hidden\"> with <\/span> <\/a> <\/aside>\n<p> <!-- cache hit 102:single\/related:ac1b517c6608e5c7c575b00db8d2adf6 --><!-- empty --><\/p>\n<p>A platform that provides plugin software for the wildly popular <em>Minecraft<\/em> game is advising users to immediately stop downloading or updating mods after discovering malware has been injected into dozens of offerings it makes available online.<\/p>\n<p>The mod-developer accounts were hosted by CurseForge, a platform that hosts accounts and forums related to add-on software known as mods or plugins, which extend the capabilities of the standalone <em>Minecraft<\/em> game. Some of the malicious files used in the attack date back to mid-April, a sign that the account compromises have been active for weeks. Bukkit.org, a developer platform run by CurseForge, is also believed to be affected.<\/p>\n<h2>Fracturiser infecting Windows and Linux systems<\/h2>\n<p>\u201cA number of Curseforge and dev.bukkit.org (not the Bukkit software itself) accounts were compromised, and malicious software was injected into copies of many popular plugins and mods,\u201d gamers wrote in a <a href=\"https:\/\/hackmd.io\/B46EYzKXSfWSF35DeCZz9A\">forum<\/a> dedicated to discussing the event. \u201cSome of these malicious copies have been injected into popular modpacks including Better Minecraft. There are reports of malicious plugin\/mod JARs as early as mid-April.\u201d<\/p>\n<p>Officials with Prism Launcher, maker of an open source <em>Minecraft<\/em> launcher, <a href=\"https:\/\/prismlauncher.org\/news\/cf-compromised-alert\/\">described<\/a> the infections as \u201cwidespread\u201d and listed the following mods as affected:<\/p>\n<p><strong>CurseForge:<\/strong><\/p>\n<ul>\n<li aria-level=\"1\">Dungeons Arise<\/li>\n<li aria-level=\"1\">Sky Villages<\/li>\n<li aria-level=\"1\">Better MC modpack series<\/li>\n<li aria-level=\"1\">Dungeonz<\/li>\n<li aria-level=\"1\">Skyblock Core<\/li>\n<li aria-level=\"1\">Vault Integrations<\/li>\n<li aria-level=\"1\">AutoBroadcast<\/li>\n<li aria-level=\"1\">Museum Curator Advanced<\/li>\n<li aria-level=\"1\">Vault Integrations Bug fix<\/li>\n<li aria-level=\"1\">Create Infernal Expansion Plus &#8211; Mod removed from CurseForge<\/li>\n<\/ul>\n<p><strong>Bukkit:<\/strong><\/p>\n<ul>\n<li aria-level=\"1\">Display Entity Editor<\/li>\n<li aria-level=\"1\">Haven Elytra<\/li>\n<li aria-level=\"1\">The Nexus Event Custom Entity Editor<\/li>\n<li aria-level=\"1\">Simple Harvesting<\/li>\n<li aria-level=\"1\">MCBounties<\/li>\n<li aria-level=\"1\">Easy Custom Foods<\/li>\n<li aria-level=\"1\">Anti Command Spam Bungeecord Support<\/li>\n<li aria-level=\"1\">Ultimate Leveling<\/li>\n<li aria-level=\"1\">Anti Redstone Crash<\/li>\n<li aria-level=\"1\">Hydration<\/li>\n<li aria-level=\"1\">Fragment Permission Plugin<\/li>\n<li aria-level=\"1\">No VPNS<\/li>\n<li aria-level=\"1\">Ultimate Titles Animations Gradient RGB<\/li>\n<li aria-level=\"1\">Floating Damage<\/li>\n<\/ul>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<p>Participants posting in the forum said the malware used in the attack, dubbed Fracturiser, runs on Windows and Linux systems. It\u2019s delivered in stages that are initiated by Stage 0, which begins once someone runs one of the infected mods. Each stage downloads files from a command-and-control server and then calls for the next stage. Stage 3, believed to be the final stage in the sequence, creates folders and scripts, makes changes to the system registry, and goes on to perform the following:<\/p>\n<ul>\n<li aria-level=\"1\">Propagate itself to all JAR (Java archive) files on the filesystem, possibly allowing Fracturiser to infect other mods that weren\u2019t downloaded from CurseForge or BukkitDev<\/li>\n<li aria-level=\"1\">Steal cookies and login information for multiple Web browsers<\/li>\n<li aria-level=\"1\">Replace cryptocurrency addresses in the clipboard with alternate ones<\/li>\n<li aria-level=\"1\">Steal Discord credentials<\/li>\n<li aria-level=\"1\">Steal Microsoft and <em>Minecraft<\/em> credentials<\/li>\n<\/ul>\n<p>As of 10:45 California time, only four of the major antivirus engines detect Fracturiser, according to samples of the malware posted to VirusTotal <a href=\"https:\/\/www.virustotal.com\/gui\/file\/1d6724e56d3a9f8303dc840c3ed1f3ac3cf768c6ef02659d870ace5a2172db09\/detection\">here<\/a> and <a href=\"https:\/\/www.virustotal.com\/gui\/file\/2ab1bd2678f5ff501bd9fe8778896c151e26baf5c4dc87a3dc33fe46400b9e8a\/detection\">here<\/a>. Forum participants said that people who want to manually check their systems for signs of infection should look for the following:<\/p>\n<ul>\n<li class data-startline=\"62\" data-endline=\"62\" data-position=\"5228\" data-size=\"0\"><strong data-position=\"5228\" data-size=\"0\">Linux<\/strong>: <code data-position=\"5240\" data-size=\"23\">~\/.config\/.data\/lib.jar<\/code><\/li>\n<li class data-startline=\"63\" data-endline=\"67\" data-position=\"5267\" data-size=\"0\"><strong data-position=\"5267\" data-size=\"0\">Windows<\/strong>: <code data-position=\"5281\" data-size=\"44\">%LOCALAPPDATA%\\Microsoft Edge\\libWebGL64.jar<\/code> (or <code data-position=\"5332\" data-size=\"45\">~\\AppData\\Local\\Microsoft Edge\\libWebGL64.jar<\/code>)\n<ul data-position=\"5384\" data-size=\"0\">\n<li class data-startline=\"64\" data-endline=\"64\" data-position=\"5386\" data-size=\"0\">Make sure to show hidden files when checking<\/li>\n<li class data-startline=\"65\" data-endline=\"65\" data-position=\"5437\" data-size=\"0\">Yes, \u201cMicrosoft Edge\u201d with a space. MicrosoftEdge is the legitimate directory used by actual Edge.<\/li>\n<li class data-startline=\"66\" data-endline=\"66\" data-position=\"5542\" data-size=\"0\">Also check the registry for an entry at <code data-position=\"5583\" data-size=\"64\">HKEY_CURRENT_USER:\\Software\\Microsoft\\Windows\\CurrentVersion\\Run<\/code><\/li>\n<li class data-startline=\"67\" data-endline=\"67\" data-position=\"5656\" data-size=\"0\">Or a shortcut in <code data-position=\"5674\" data-size=\"55\">%appdata%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup<\/code><\/li>\n<\/ul>\n<\/li>\n<li class data-startline=\"68\" data-endline=\"69\" data-position=\"5734\" data-size=\"0\"><strong data-position=\"5734\" data-size=\"0\">All other OSes<\/strong>: Unaffected. The malware is hardcoded for Windows and Linux only. It is possible it will receive an update adding payloads for other OSes in the future.<\/li>\n<\/ul>\n<p>People investigating the incident have made scripts available <a href=\"https:\/\/prismlauncher.org\/news\/cf-compromised-alert\/\" target=\"_blank\" rel=\"noopener\">here<\/a> to help check for these files. CurseForge has disinfection guidance <a href=\"https:\/\/support.curseforge.com\/en\/support\/solutions\/articles\/9000228509-june-2023-infected-mods-detection-tool\/\">here<\/a>.<\/p>\n<p>On social media, CurseForge officials <a href=\"https:\/\/twitter.com\/CurseForge\/status\/1666364916935151616\">said<\/a> that a &#8220;malicious user has created several accounts and uploaded projects containing malware to the platform.&#8221; The officials went on to say that a user belonging to mod developer Luna Pixel Studios was also hacked and the account was used to upload similar malware.<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<p>In an update CurseForge officials sent over a Discord channel, they wrote:<\/p>\n<blockquote>\n<ul data-position=\"8094\" data-size=\"0\">\n<li class data-startline=\"113\" data-endline=\"113\" data-position=\"8096\" data-size=\"0\">A malicious user has created several accounts and uploaded projects containing malware to the platform<\/li>\n<li class data-startline=\"114\" data-endline=\"114\" data-position=\"8203\" data-size=\"0\">Separately a user belonging to Luna Pixel Studios (LPS) was hacked and was used to upload similar malware<\/li>\n<li class data-startline=\"115\" data-endline=\"115\" data-position=\"8313\" data-size=\"0\">We have banned all accounts relevant to this and disabled the LPS one as well. We are in direct contact with the LPS team to help them restore their access<\/li>\n<li class data-startline=\"116\" data-endline=\"116\" data-position=\"8473\" data-size=\"0\">We are in the process of going through ALL new projects and files to guarantee your safety. We are of course <u>holding the approval process of all new files until this is resolved<\/u><\/li>\n<li class data-startline=\"117\" data-endline=\"117\" data-position=\"8662\" data-size=\"0\">Deleting your CF client isn\u2019t a recommended solution as it will not solve the issue and will prevent us from deploying a fix. We are working on a tool to help you make sure you weren\u2019t exposed to any of this. In the meantime refer to information published in #current-issues.<\/li>\n<li class data-startline=\"118\" data-endline=\"118\" data-position=\"8942\" data-size=\"0\">This is relevant ONLY to Minecraft users<\/li>\n<li class data-startline=\"119\" data-endline=\"120\" data-position=\"8987\" data-size=\"0\">To be clear <strong data-position=\"8999\" data-size=\"0\">CurseForge is not compromised! No admin account was hacked.<\/strong><\/li>\n<\/ul>\n<p data-position=\"9067\" data-size=\"0\">We are working on this to make sure the platform remains a safe place to download and share mods. Thank you to all authors and users who help us with highlighting, we appreciate your cooperation and patience \u2764\ufe0f<\/p>\n<\/blockquote>\n<p>In an online interview, an official with Luna Pixel Studio wrote:<\/p>\n<blockquote>\n<p>Basically our Modpack developer installed a malicious mod from the latest updated section in the Curseforge Launcher. He wanted to test and see if it was worth adding to the new Modpack update and since it was approved from Curseforge it was overlooked. After launching the Modpack it wasn&#8217;t something we wanted so we removed it but at that stage it was too late and the malware has already started on stage 0.<\/p>\n<p>Everything seemed fine until the next day and then projects on curseforge from the LunaPixelStudios accounts started uploading files and archiving them after. We only picked up on this due to a user asking for a changelog for one of the mods but we never updated it so we checked it out. From there we contacted a lot of people that did amazing work trying to stop it. Mostly it doesn&#8217;t seem many were affected but it is suspected that Malicious mods were found dated back to Match of 2023.<\/p>\n<\/blockquote>\n<p>This is a breaking story. More details will be added as warranted.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/34706\/Dozens-Of-Popular-Minecraft-Mods-Found-Infected-With-Fracturiser-Malware.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":52255,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[4764],"class_list":["post-52254","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinehackermalwaremicrosoftbackdoor"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Dozens Of Popular Minecraft Mods Found Infected With Fracturiser Malware 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Dozens Of Popular Minecraft Mods Found Infected With Fracturiser Malware 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-06-08T14:07:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/05\/system-hacked-800x450.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Dozens Of Popular Minecraft Mods Found Infected With Fracturiser Malware\",\"datePublished\":\"2023-06-08T14:07:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\\\/\"},\"wordCount\":1011,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware.jpg\",\"keywords\":[\"headline,hacker,malware,microsoft,backdoor\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\\\/\",\"name\":\"Dozens Of Popular Minecraft Mods Found Infected With Fracturiser Malware 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware.jpg\",\"datePublished\":\"2023-06-08T14:07:37+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware.jpg\",\"width\":800,\"height\":450},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,malware,microsoft,backdoor\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackermalwaremicrosoftbackdoor\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Dozens Of Popular Minecraft Mods Found Infected With Fracturiser Malware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Dozens Of Popular Minecraft Mods Found Infected With Fracturiser Malware 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\/","og_locale":"en_US","og_type":"article","og_title":"Dozens Of Popular Minecraft Mods Found Infected With Fracturiser Malware 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-06-08T14:07:37+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/05\/system-hacked-800x450.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Dozens Of Popular Minecraft Mods Found Infected With Fracturiser Malware","datePublished":"2023-06-08T14:07:37+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\/"},"wordCount":1011,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/06\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware.jpg","keywords":["headline,hacker,malware,microsoft,backdoor"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\/","url":"https:\/\/www.threatshub.org\/blog\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\/","name":"Dozens Of Popular Minecraft Mods Found Infected With Fracturiser Malware 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/06\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware.jpg","datePublished":"2023-06-08T14:07:37+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/06\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/06\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware.jpg","width":800,"height":450},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,malware,microsoft,backdoor","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackermalwaremicrosoftbackdoor\/"},{"@type":"ListItem","position":3,"name":"Dozens Of Popular Minecraft Mods Found Infected With Fracturiser Malware"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/52254","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=52254"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/52254\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/52255"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=52254"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=52254"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=52254"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}