therecord.media
2606:4700:4400::6812:20b5  Public Scan

URL: https://therecord.media/minecraft-bug-allows-hackers-in
Submission: On August 01 via api from TR — Scanned from DE

Text Content

Image: Johny Goerend via Unsplash
Daryna Antoniuk, July 31st, 2023

BUG IN MINECRAFT MODS ALLOWS HACKERS TO EXPLOIT PLAYERS' DEVICES

Researchers have found a critical security hole in Minecraft mods allowing
hackers to run malicious commands on the game’s servers and compromise clients’
devices.

Dubbed BleedingPipe by the Minecraft security community (MMPA), the
vulnerability allows full remote code execution on gamers’ devices and servers
running popular Minecraft mods — player-made changes to the game that can add
new items, features, or gameplay elements.

Minecraft is the best-selling video game in history, with over 238 million
copies sold and nearly 140 million monthly active players. The game is now owned
by Microsoft.

According to the MMPA, the BleedingPipe bug has already been exploited many
times, but researchers didn’t specify how many Minecraft players were affected.
The flaw impacts many Minecraft mods mostly running on the popular modding
platform Forge, which uses unsafe deserialization code.

Deserialization is the process of converting complex data from a serialized
format, which can be easily stored or transmitted, back into its original form.
If not implemented carefully, it can be exploited by attackers and lead to
remote code execution.

According to MMPA, any version of Minecraft can be affected by the flaw if an
impacted mod is installed. The number of affected Minecraft mods exceeds three
dozen.

Researchers first became aware of this Minecraft exploit in March 2022 and
quickly patched it. However, earlier this month BleedingPipe was used by hackers
to steal players' Discord and Steam session cookies.

In early July, a Minecraft player who goes by Yoyoyopo5 was hosting a public
server with Forge mods, and during a live stream an attacker exploited the
BleedingPipe vulnerability to gain control and execute code on all connected
players' devices. Yoyoyopo5 reported in his post about the incident that the
hacker used this access to pilfer information from web browsers, Discord, and
Steam sessions.

After the initial reports, researchers discovered that threat actors scanned
some Minecraft servers to mass-exploit vulnerable ones, likely deploying a
malicious payload onto affected servers.

“We do not know what the contents of the exploit were or if it was used to
exploit other clients, although this is very much possible with the exploit,”
MMPA said.

To protect players’ devices from BleedingPipe, MMPA recommends downloading the
latest release of impacted mods from the official Minecraft channels.

“We recommend that you take this seriously,” researchers said.

The game developer has not yet responded to Recorded Future News' request for
comment.


Tags
 * video game
 * Minecraft
 * Microsoft


DARYNA ANTONIUK



Daryna Antoniuk is a freelance reporter for Recorded Future News based in
Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe
and the state of the cyberwar between Ukraine and Russia. She previously was a
tech reporter for Forbes Ukraine. Her work has also been published at Sifted,
The Kyiv Independent and The Kyiv Post.


© Copyright 2023 | The Record from Recorded Future News