An apparent Minecraft RCE hack is currently under way, impacting servers that run certain mods for the sandbox game and putting you in danger of getting hacked if you play on servers with them enabled. While the extent of the supposed hack remains unclear, many in the Minecraft community are issuing warnings to players.
The Minecraft Malware Prevention Alliance (MMPA) has highlighted what it calls Bleeding Pipe, a Remote Code Execution vulnerability that’s impacting certain Minecraft players depending on their mods and mod packs (via Tom’s Hardware).
Bandai Namco has only just brought back Dark Souls servers after an RCE hack of its own, which allowed bad actors posing as in-game invaders to gain access to a player’s PC and execute malicious code.
According to the MMPA, 1.7.10 and 1.12.2 mod packs are vulnerable, but any other version of Minecraft can be impacted if an affected mod is installed. “As we do not know the contents of the payload being sent to the vulnerable servers, there is no concrete way of detecting this attack. There are still a few potential methods for detection listed below,” the MMPA says.
The MMPA also lists a handful of mods in its Bleeding Pipe post that appear to be vulnerable, adding that the RCE is impacting servers that use said mods and mod packs. According to Tom’s Hardware, a German computer science student who goes by ‘DogBoy21’ on GitHub has identified three dozen popular mods that are vulnerable to the hack.
“While there are just a relatively small amount of attacks targetting [sic] this vulnerability in the wild, because of the significance of the vulnerability, it is completely dangerous to play with unpatched mods currently,” DogBoy21 says. You can check out DogBoy21’s GitHub page for their patch, and the MMPA also has some advice in its blog post about the hack. Both sources also list impacted mods.
If you’ve been playing on any servers that use the apparently impacted mods, the MMPA recommends you do an antivirus scan, check for suspicious files, scan your .minecraft directory with jSus or jNeedle, or install their mod PipeBlocker.
PCGamesN has reached out to Mojang for comment.