Just an #FYI for those that use #CurseForge - not just accounts or launchers - they got f**ked and #mods and #modpacks for #Minecraft got hijacked with #malware by unaffiliated 3rd parties.

Apparently CurseForge f**ked up!
https://www.youtube.com/watch?v=ZDtj4lccOg8
#ITsec #Gaming

Addendum: Issue has been remediated.
https://meow.social/@Toothy/110686464545214559

Source:
https://vt.social/@cai_tan/110692410557605159

@kkarhan additionally this isn't exactly a case of "CurseForge f**ked up!" (btw you have like zero reason to censor fuck here, idk why you did that), this is an incident that is a direct result of the general landscape of Minecraft modding as a whole.

@cai_tan well, AFAIK it only affects #Windows Users so I could also say "Your fault for using a shitty govware - lol" but I think that's kinda assholeist at this point.

I do think it's #CurseForge who fucked up because it's their #API and toolchain and not the modders or users' faults based off the reports...

I mean more than using #2FA as well as strong passwords isn't possible for said people.

@cai_tan But then again that's the norm of the #Enshittification of the #Web in general,

Like even 7th gen #Console #DevKits had better #ITsec than #YouTube does...
https://www.youtube.com/watch?v=yGXaAWbzl5A

https://vt.social/@cai_tan/110686567057201156


not that said console didn't get #leaks...

https://www.youtube.com/watch?v=F1aVBEyqnxA


.... but basically they have always-online DRM and their #DevKits will basically brick unless they can reach the platform providers' servers and use a specific IP to do so.

Because I did have to set up the networking for a PS4 devkit years ago so that it would actually run and not be a paperweight....

@kkarhan
>it only affects #Windows Users
Wrong again! The malware was also specifically designed to infect Linux users as well.

>I could also say "Your fault for using a shitty govware - lol" but I think that's kinda assholeist at this point.
You already kind of tipped your hand about how smug and obnoxious you are about this whole situation when you failed to do a literal five second Google search for more information while pretending to be an expert on the situation.

>I do think it's #CurseForge who fucked up because it's their #API and toolchain and not the modders or users' faults based off the reports...
CurseForge's API had nothing to do with it. Firstly, please note that "Forge Mod Loader" and "CurseForge" are two entirely different entities, please. There's a reason CF isn't in the position to employ anything functional in terms of enforcing things like code signing and whatnot -- the base infra for MC modding is kind of a shitshow with non-deterministic builds and weird dependency fetching. This kind of shit would have, and could have, happened on Modrinth, but fractureiser targeted the more popular website, for incredibly obvious reasons.

Anyways, fractureiser C&C server is still down to this day and all the major distros have detectors for fractureiser malware now. It's old news. Stop being so smug about it, and maybe help out if it's such an easy problem to you.

Here's your sources, buddy.
https://github.com/fractureiser-investigation/fractureiser/blob/main/docs/tech.md
https://github.com/fractureiser-investigation/fractureiser/blob/main/docs/2023-06-08-meeting.md
https://github.com/fractureiser-investigation/fractureiser/blob/main/docs/timeline.md


@cai_tan well, #CurseForge could exercise more due diligence and yes they could make devs sign their binaries and only accept those as well as utilize MFA, but I guess doing what every payment processor has to do since #PSD2 & #3Dsecure is too much to ask.

It kinda confirms my bias against mod managers to some extent tho, even if that's more of a feeling when in most cases, they have good reasons to exist.
