Open Source · 2023-05-01 · 38 days · Data Exfiltration

When Dungeons Arise shipped Fracturiser malware

Part of the 'Fracturiser mod campaign stole player credentials' campaign

A developer account with publishing rights for the popular 'When Dungeons Arise' Minecraft mod on CurseForge was compromised. Attackers uploaded a malicious JAR file disguised as a legitimate update.

Story

When Dungeons Arise was another trusted CurseForge project used as a Fracturiser carrier. The attack path was ordinary publishing authority: compromise the account, upload a JAR, let users install it as an update.

The project had a real source repository and a real player base. That matters for scope: this was not typosquatting or a fake package, but a malicious artifact pushed through a legitimate mod distribution surface.

The infected JAR led into the common Fracturiser chain. Public reports described staged Java malware that targeted Windows and Linux hosts and focused on secrets that could support account theft and further propagation.

For players and server operators, the project name was the practical indicator. They needed to know whether this specific mod had been present in a mod folder, launcher profile, or server package during the affected window.

Keeping this as its own attack record makes the data searchable by project. The campaign record carries the shared malware and response; this record captures the concrete mod page and affected artifact path.

Affected Artifacts

Incident Context

Motive: Credential Theft
Attribution: Group
Cause: Compromised Account Credentials
Transitive: No
Actor: Cybercriminal Gang

External References

Source record: oss/attacks/when-dungeons-arise/meta.yaml