Treecapitator (Bukkit Plugin)

Incident Summary

Treecapitator Bukkit plugin compromised with Fracturiser malware

An account with publishing rights on BukkitDev for a popular plugin implementing 'Treecapitator' functionality was compromised. A malicious JAR file containing the 'Fracturiser' malware was uploaded, appearing as an update. This malware aimed to steal user credentials (Discord, Microsoft, Minecraft) and propagate itself by infecting other JAR files.

Date: 2023-05-01 to 2023-06-08
Category: Open Source
Target Surface: Distribution
Insertion Phase: distribution
Impact: Data Exfiltration
Cause: Compromised Account/Credentials

What Was Affected

Package Treecapitator (Bukkit Plugin)

LanguageJava

ComponentGame mod

Artifact typebinary archive

Domain typepackage host

Domain dev.bukkit.org

Incident Context

Motive: Credential Theft
Attribution: Cybercriminal Gang
Transitive: No
Observed Duration: 38 days

Evidence

Compromised Artifacts

dev.bukkit.org/projects/treecapitator

Current Artifacts and Analysis

Indicators and Changes

Hashes

sha256:5584ac1f8b713d2f6310bd3cde425b775402fbc70e56e5e8d774bec15703ca79

External References

Source Data

Source record: oss/treecapitator/meta.yaml