https://prismlauncher.org/news/cf-compromised-alert/Statement on Twitter -
CurseForge (@CurseForge) / TwitterReddit -
(2) Some Curseforge accounts might be compromised/hacked, and are uploading malicious files : feedthebeast (reddit.com)Today, widespread reports of malware being injected into the jar files of popular mods have been detected in a targeted attack against the Minecraft modding scene. These jar files were uploaded on CurseForge and have been distributed since April.
This malware is capable of injecting itself into other JAR files on your system, stealing credentials (Discord and Minecraft/Mojang), among a few other things.
If these files are present on your system, you may be affected.
Linux: .config/.data/lib.jar
Windows: %LOCALAPPDATA%\Microsoft Edge\libWebGL64.jar or ~\AppData\Local\Microsoft Edge\libWebGL64.jar
macOS is entirely unaffected.
If so, you should delete these files immediately. You should change all passwords and ought to consider every jar file on your system affected.
Curseforge has suspended approvals for files. I plan on distributing updates to my plugins today for compatibility with Minecraft 1.20; please understand that this may mean distribution on Curseforge be suspended until file approvals resume.
Cant really find anything else, i get Updates so ill send anything over that comes through.