When Dungeons Arise
When Dungeons Arise mod compromised with Fracturiser malware
A developer account with publishing rights for the popular 'When Dungeons Arise' Minecraft mod on CurseForge was compromised. Attackers uploaded a malicious JAR file disguised as a legitimate update. This file contained the 'Fracturiser' malware, designed to steal credentials (Discord, Microsoft, Minecraft) and spread to other JAR files on the user's system.
- Date
- 2023-05-01 to 2023-06-08
- Category
- Open Source
- Target Surface
- Distribution
- Insertion Phase
- distribution
- Impact
- Data Exfiltration
- Cause
- Compromised Account/Credentials
What Was Affected
Package
When Dungeons Arise
LanguageJava
ComponentGame mod
Artifact typebinary archive
Domain typepackage host
Domain
curseforge.com
Repository
github.com/Aureljz/When-Dungeons-Arise
Incident Context
- Motive
- Credential Theft
- Attribution
- Cybercriminal Gang
- Observed Duration
- 38 days
Evidence
Compromised Artifacts
Current Artifacts and Analysis
Indicators and Changes
Hashes
sha256:5584ac1f8b713d2f6310bd3cde425b775402fbc70e56e5e8d774bec15703ca79
External References
Source Data
Source record: oss/when-dungeons-arise/meta.yaml