Sky Villages [Forge/Fabric]

Incident Summary

Sky Villages mod compromised with Fracturiser malware

The CurseForge account associated with the 'Sky Villages' Minecraft mod was compromised. Attackers uploaded a malicious JAR file appearing as a legitimate update for the mod. This file contained the 'Fracturiser' malware, which steals various credentials and attempts to infect other JAR files on the victim's computer.

Date: 2023-05-01 to 2023-06-08
Category: Open Source
Target Surface: Distribution
Insertion Phase: distribution
Impact: Data Exfiltration
Cause: Compromised Account/Credentials

What Was Affected

Package Sky Villages [Forge/Fabric]

LanguageJava

ComponentGame mod

Artifact typebinary archive

Domain typepackage host

Domain curseforge.com

Incident Context

Motive: Credential Theft
Attribution: Cybercriminal Gang
Observed Duration: 38 days

Evidence

Compromised Artifacts

curseforge.com/minecraft/mc-mods/sky-villages-forge-fabric

Current Artifacts and Analysis

Indicators and Changes

Hashes

sha256:5584ac1f8b713d2f6310bd3cde425b775402fbc70e56e5e8d774bec15703ca79

External References

support.curseforge.com/en/support/solutions/articles/9000228509-june-2023-infected-mods-detection-tool-and-report

Source Data

Source record: oss/sky-villages/meta.yaml