TL;DR: Multiple mod dev accounts were compromised in a targeted attack and many mods were injected with malware. Both Windows and Linux are affected. The malware propagates into all your jar files on your computer and attempts to steal login info on your browser, Discord, and Minecraft/Microsoft account. Because of the way it propagates itself, it is current unknown how widespread this malware is.
If you are playing on Windows or Linux and you use mods make sure to read this document and check to see if you’re infected. Also even if you seem to be uninfected, it is also possible that you can still have the malware in a dormant state on your computer. If you have ever downloaded mods in the last couple months, you might want to consider not playing until we learn more about the malware if you’re concerned about your data.
Known infected mods:
CurseForge:
- Dungeons Arise
- Sky Villages
- Better MC modpack series
- Dungeonz
- Skyblock Core
- Vault Integrations
- AutoBroadcast
- Museum Curator Advanced
- Vault Integrations Bug fix
- Create Infernal Expansion Plus - Mod removed from CurseForge
Bukkit:
- Display Entity Editor
- Haven Elytra
- The Nexus Event Custom Entity Editor
- Simple Harvesting
- MCBounties
- Easy Custom Foods
- Anti Command Spam Bungeecord Support
- Ultimate Leveling
- Anti Redstone Crash
- Hydration
- Fragment Permission Plugin
- No VPNS
- Ultimate Titles Animations Gradient RGB
- Floating Damage