Minecraft Curseforge Malware Issues Explained and How to Check Your Files

Minecraft 1.20 is finally here! And while many players are celebrating by diving right into their adventures in the Trails and Tales update, others are struggling due to malware attacks across a number of popular mods and modpacks most especially related to Curseforge. This malware attack centers on mods and modpacks on Curseforge as well as launchers with Curseforge integration and many popular modpacks (which we list in full below). With that, here's what we know about the Minecraft Curseforge malware news and how you can check if your files have been infected as a result.

Minecraft Modpack Hacks Lead to Massive Malware Wave

As revealed by Curseforge in an official announcement here, malicious users have managed to upload projects containing malware as well as hack and infiltrate several popular mods and modpacks across Curseforge, uploading infected files disguised as innocuous bug fixes among other things. Thus far, this has been confirmed to affect the following mods and modpacks, a list that is dynamically growing as more cases are discovered:

• Golem Awakening
• Phanerozoic Worlds
• Autobroadcast
• Museum Curator Advanced
• Vault Integrations (Bug Fix) *Note - Not the Modpack Vault Integrations
• AmazingTitles
• dungeonx * Note - Not DungeonZ
• HavenElytra
• DisplayEntityEditor
• The Nexus Event Custom Event
• SimpleHarvesting
• McBounties
• More and Ore advanced
• Easy Custom Foods
• AntiCommandSpam Bungeecord Support
• UltimateLevels
• AntiRedstoneCrash
• hydrationPlugin
• NoVPN
• Fragment Permission Plugin
• Anti ChatReport
• Additional Weapons+
• Just Enough Ingots
• UVision ENHANCED(server pack only)
• UVision Server(server pack only)
• UVision LITE (server pack only)
• Create: Diesel and Oil Generators
• Ultra Swords Mod

So what can users do to see if their machine is infected? Thankfully, Curseforge has released an easy solution.

How to Check if Your Machine is Infected

For anyone who has any possibility of having downloaded infected files, even if done automatically via Curseforge or an integrated Minecraft client, it's important to run this program to check if your files are safe. Curseforge is currently developing additional programs in order to check if any adjacent Minecraft mods or other files not related to Curseforge or integrated with Curseforge have been infected by proxy, and we'll have that program here once it's been published. For now, we recommend the following to address these issues:

• Download and run the detector program to ensure your files are safe whether you have or haven't played modded Minecraft in the last 24 hours.
• Ensure the files that come up as suspicious are ones you've intentionally placed there. If they aren't, you may need to delete them.
• Rerun the scanner after deletion to ensure your machine is safe.
• Change major passwords once your machine comes up clear to be safe.

Once you complete these steps, make sure to avoid any modded Minecraft for the time being, and enjoy the launch of Minecraft 1.20 the Vanilla way.