Minecraft is one of the most popular games on the planet even after a decade of being on the market. Because of that, it has a massive modding scene, full of additions to the game and maps for players to explore. It also means that certain hackers might see its huge playerbase as a potential community worth infecting simply due to its sheer size. Putting both of those things together, the Minecraft Malware Prevention Alliance (MMPA) has recently noticed a new security vulnerability in the modding scene that has opened many users’ PCs and servers up to being hacked through a program it calling the “BleedingPipe.”
Videos by ComicBook.com
Now, it’s important to note that just because you use mods or play on a multiplayer server, you’re not necessarily at risk. That said, the list of mods that have been affected by BleedingPipe is large. It includes at least three dozen mods that many players and servers use, including things like AetherCraft and ttCore. Fortunately, with the MMPA noticing the issue quickly, one user was able to issue a patch that should fix the issues. As demonstrated by Tom’s Hardware, you just need to make sure you aren’t using a version of a modpack on either 1.7.10 or 1.12.2. Those are the two that seem to be vulnerable to the hack, so updating your modpack with the patch should keep your Minecraft server safe.
As to how this works, BleedingPipe is using a problem with Java to feed code to a server. The code is then “deserialized ” and infects the server, which can then be used to infect individual PCs from there. As you can guess, if that code is malicious, it will quickly create both server and client-side issues that could easily result in some very bad things happening to your PC.
Fortunately, the MMPA has players’ backs and has already issued a fix. You just need to run a scanning program like JSus or jNeedle to scan your Minecraft mods, and if they’re unsafe, you can use the fix to patch up the issues. If you’re playing on a server, it might also be worth alerting whoever’s in charge of it to this issue and making sure they’ve done the work to check on the server’s files.