Edit no2:
So, after checking with Curseforge’s discord server, they’ve confirmed that it’s only effecting Minecraft users, and WoW related content is safe.
https://paste.pics/OEQK8
Screenshot from CF confirming through communications that it’s a Minecraft only issue. Sorry for raising a false alarm, guys.
Edit: Snippet from Blu;
tldr
It appears unlikely that we as WoW players would have been affected due to how the game client interprets add-ons for WoW.
Personally, I’m scanning anyways, though. Can’t hurt.
Original meat of the post is under the quote.
While normally it's in the realm of the UI and Macro forums to involve Curseforge, (yes, the Overwolf managed one) it has had a breach, of sorts.
Many author accounts were hacked and uploaded with malware.
I have a screenshot of directions below, but basically the jist is presently do not use Curseforge to update or acquire add-ons.
Follow the instructions in the screenshot to thoroughly use your antivirus software and scan, quarantine, and remove any potentially effected files.
If someone could get a more permanent link of the screenshot, that’d be nice, since pastepic is known to randomly eject their screenshots.
https://paste.pics/OEPC2
Copy and paste this into a web browser and it should bring up a pertinent snippet of what to do (If you have Opera or Chrome, highlighting it should provide the option to right click and immediately open it as an URL)
It’s never a bad time to do a scan, though. The main target appears to be mostly Minecraft related mod packs since it’s vastly more popular, but you never know.
Man DBM goes out of date like every 6 hours, this will definitely be problematic. So many possibilities for infection just from DBM updates and Minecraft mod packs, truly diabolical.
I find it a bit disgusting that the perpetrator(s) targeted a game that a large amount of children play. My nephew loves the game and I’d hate for him to end up being barred from playing (not to mention potentially bricking the computer) because some scumbag wanted to upload viruses into hacked accounts.
Luckily, I’ve already scrubbed his PC and removed some suspicious files originating in a Mojang folder, so it definitely isn’t some rumor.
Your not seeing any posts on it as it’s irrelevant to World of Warcraft addons.
The “mods” and “modpacks” they are talking of are mainly minecraft related.
Which work via Java.
So of course they would more vulnerable to malicious attack vendors affecting someone’s computer then wow addons. This has always been a vulnerability as minecraft mods have always worked via java. Since day 1.
World of Warcraft addons meanwhile work via XML text files and other text files containing Lua code.
These have to be interpeted by a Lua parser on your computer. The wow client is this lua parser for wow addons.
While file and networking functions are a part of Lua for Blizzard’s implentation of it inside wow those functions are either non functional or completely removed. Wow addons CAN not affect your computer as to it concepts like files or the internet doesn’t exist to them.
Furthermore to actually do anything malicious on your computer they would
(a) Need to be written with a particular parser in mind
(b) That Lua parser needs to actually be installed on your computer
(c) Need to be run by that parser
It’s not my intent to scaremonger, sorry. I was made aware that Curseforge had been compromised to some extent, and didn’t know how those work.
However, is the act of merely downloading add-ons that may have dangerous or malicious files piggybacking still present?
Either way, I’ll be editing in the info in the OP to help put people at ease that it’s unlikely that WoW’s section of CF was affected. Thank you Blu.
Not unless your really really bad at updating your OS or have exceptionally bad internet habits.
People download addons either using an addon client like WowUp or downloading them via a web browser , unzipping them and smacking them into the Addons folder.
There shouldn’t be anything inherently dangerously about that.
Meanwhile we’ve had confirmation from Curseforge. It was solely related to Minecraft mods. They were never comprimised - it was one project and seperately one user uploading malicious projects.
Can I get the source for that? It’s not that I don’t believe it, but I’d need it just for telling my guildies and such that we’re a-okay to continue using Curseforge.
Alrighty, I got what I need.
I’ll make a screenshot based on that to update the OP and to post to my guild’s own discord.
Thanks Blu, it (for some reason) didn’t even occur to me that Curseforge would have their own discord server, despite having a screenshot from it.
You’ve been pretty helpful, appreciate it!
I would point out that zip files can carry malicious payloads as well. The simple act of unzipping a file can silently infect your system if your using something old to do it.
Because the act of downloading certain files can bring on bad actors, I don’t find it scaremongering at all. Being from a guild that games with older gamers, having proper updates and bad habits are par for the course for some.
The OP has edited current information (which may not have been the case at the time of your post, I get that). Because corporations aren’t always known for being truthful, I think it’s fair to post a concern. It allows those that want to run their files through a scanner to feel better or make sure it’s safe. I appreciate the post and have shared it with my community to allow them to make the decision for themselves how concerned they want to be. Some of them probably play minecraft (or their kids do!) on their PC as well.