Minecraft Mods Malware (Fractureiser): How To Detect

Guides

If you frequently use Minecraft mods, it’s important to be aware of a recent malware called Fractureiser that has been uploaded to some projects on Curseforge. Users of specific mods have been confirmed to be infected with this malware. In this article, we will cover how to detect if your PC is affected and how to find other infected mods or jar files.

Note: This malware has only affected PC and Linux and not Mac. However, we do recommend Mac users still research more information related to this issue.

Which Minecraft Mods are Affected by Malware in June 2023?

There are some projects that have been infected and taken down permanantly. The affected projects are listed on the official support page of Curseforge. Here are the projects that have been permanently taken down:

  • Golem Awakening
  • Phanerozoic Worlds
  • Autobroadcast
  • Museum Curator Advanced
  • Vault Integrations (Bug Fix) *Note – Not the Modpack Vault Integrations
  • AmazingTitles
  • dungeonx * Note – Not DungeonZ
  • HavenElytra
  • DisplayEntityEditor
  • The Nexus Event Custom Event
  • SimpleHarvesting
  • McBounties
  • More and Ore advanced
  • Easy Custom Foods
  • AntiCommandSpam Bungeecord Support
  • UltimateLevels
  • AntiRedstoneCrash
  • hydrationPlugin
  • NoVPN
  • Fragment Permission Plugin
  • Anti ChatReport
  • Additional Weapons+
  • UVision ENHANCED(server pack only)
  • UVision Server(server pack only)
  • UVision LITE (server pack only)
  • Create: Diesel and Oil Generators
  • Ultra Swords Mod
  • Simple Frames
  • AntiCrashXXL
  • Skelegram – The Skript Telegram Addon!

How to Detect & Find Out if You Have Gotten the Malware?

  • First, run the anti-malware tool that may already be installed on your PC.
  • Next, download the detection tools for Windows and Linux and run them. Here’s the github link.
Image source: Curseforge support
  • Once the malware is detected, ensure that you display hidden files too. The option will be in your File Explorer > View Menu > Hidden Items.
  • Make sure to delete each and every malware file.
  • The official support page of Curseforge suggests that you need to delete the Microsoft Edge folder (the name will have a space in it) completely because this is made by malware. The genuine Edge folder won’t have a space in its name.
  • Run the Jar Malware Scanning tool to check whether any Jar files have been infected. Once the scan is done, delete the Jar files that are problematic.

If you use Minecraft mods regularly, it is critical that you take action immediately and check if your PC has been affected. We advise you to regularly run malware and virus checks on your PC.

What is Fractureiser Malware?

Fractureiser is a virus that has been found in many Minecraft projects available on Curseforge. Numerous renowned modpacks have been affected, and it’s important that users utilize the detection tools. It is called Fractureiser because that’s the name of the account that has uploaded the malicious files, as mentioned on the github page of Fractureiser investigation.

If you are affected, ensure that you keep checking updates on the official Curseforge and Github pages linked above because the investigation is still ongoing as of this article’s publication.

For those who want to stay safe, we advise you to avoid downloading any Minecraft mods for a while. That’s because the full extent of this malware is not yet known. If you have used mods in the past few months and want to know how to stay safe, it’s suggested not to launch Minecraft at all, even the vanilla version. Visit Reddit for further discussion about the Minecraft Mods malware with other users.