PSA: RE: CurseForge Client

Update: Didn’t realize this information provided was mostly for Minecraft players. Marked the post by fellow, MVP, Bluspacecow as Solution in this post so everyone is aware!

Still use caution however if you do play Minecraft however!

Thanks all! :smiley:

-----Original Message-----

Hey everyone,

Security announcement here. For those that use the CurseForge Client to download or update ANY AddOn’s.

CurseForge has issued an advisory notice as per below:

It has come to our attention that one or more authors of popular mods and modpacks have had their accounts compromised and used to spread malware.
At this time we cannot confirm how these accounts were compromised and we recommend not updating any mods or modpacks until the extent of the attack is ascertained.

Figured I would post here on the Customer Support Forum, So everyone here is aware of the situation!

Thanks everyone!

10 Likes

Any ideas which onesthis also good for general and ui macro.

Seriously? Damn, I just downloaded an addon today, called Plater.

Do you have a direct link to the advisory? I didn’t see anything super visible at CurseForge?

Yup! The advisory is on their Official Discord Server under the Current Issues category!

CurseForge Discord Link: https://discord.gg/curseforge

Hmmm. Looks like this is specific to Minecraft.

If you leap down the rabbithole, it leads to:

Oh hey folks.

Yes there has to do with Mine craft mods mainly.

This because Minecraft addons work via java and small bits of C Code that can be executed on a target machine. Because of this there has always been a risk downloading minecraft mods from the day they were avaliable.

World of warcraft addons meanwhile are sandboxed. They can’t access your file system or your network as the vital function calls in the Lua API that do this are removed from wow’s implementation of the Lua parser. It can’t affect them because to addons they don’t exist.

While there have been instances of Malicous addon code it usually doesn’t last very long as the vibrant Addon author community is pretty viligilant on that front. And in any case only afffects things in game and not outside it.

27 Likes

I am absolutely blown away and in awe… that people play Minecraft.

Curseforge has stated that this has been resolved now.

5 Likes