New virus found in Minecraft that hackers can use to infect users' computers around the world

August 1, 2023  20:22

In the latest cybersecurity development for the Minecraft community, players and server operators are facing a new and perilous threat known as 'BleedingPipe.' The exploit, discovered by the user group 'Minecraft Malware Prevention Alliance' (MMPA), has the potential to allow malicious actors to execute remote code on targeted computers. The vulnerability relies on Java deserialization and poses a significant risk to servers or clients with certain popular mods installed.

MMPA warns that the list of vulnerable Minecraft mods is extensive, comprising around three dozen popular ones, including AetherCraft, Immersive Armors, and ttCore. German computer science student and GitHub user 'Dogboy21' has been at the forefront of identifying the affected mods. To address the issue, Dogboy21's GitHub page offers a patch that requires users to replace their existing JAR files with a new version in their mods folder.

According to Tom's Hardware, the exploit centers on a flaw in the ObjectInputStream class in Java. By sending data containing malicious code to the server, hackers can exploit the process of deserialization to execute the code on the server side. Likewise, infected servers could transmit binary data back to connected clients, leading to local execution of malicious code on players' devices.

The ramifications of an attack can be severe, allowing bad actors to potentially steal sensitive user data for identity theft or use infected computers for launching botnet attacks on other systems.

One prominent incident occurred in early July when a player, known as Yoyoyopo5, was livestreaming on a public server using Forge 14.23.5.2860 mods. A hacker managed to exploit BleedingPipe during the live stream and gain control over all connected players' devices. In the aftermath, Yoyoyopo5 reported that the hacker used the remote code to steal browser, Discord, and Steam session information.

The severity of the threat extends beyond individual servers. According to MMPA, a bad actor has already scanned the entire IPv4 address space for Minecraft servers and may have deployed a malicious payload. This means any server using an affected mod could be at risk of infection.

Although BleedingPipe shares similarities with the recently discovered Log4j exploit in the Java logging library, it is not the same. Minecraft.net, an official Microsoft site, has issued a warning and provided mitigations for the Log4j vulnerability.

To safeguard themselves, players who join others' servers are advised by MMPA to check for infected files in their .minecraft directory using scanners like JSus or jNeedle. For users with affected mods, Dogboy21 recommends downloading the available patch as a precautionary measure.

For server operators, MMPA recommends scanning all installed mods using JSus or jNeedle. Additionally, updating to the latest versions of EnderIO or LogisticsPipes is advised for users of those mods. The group has also developed its own security mod called 'PipeBlocker,' designed to block such attacks.

As the Minecraft community grapples with the BleedingPipe exploit, vigilance and prompt action are crucial to protect against potential security breaches and data theft.

Recently, another virus spread through a game was discovered. It infects players' computers in the multiplayer mode of Call of Duty Modern Warfare 2 (2009). Because of this virus, Activision, the company that developed the game, even had to temporarily stop this game mode on the Steam platform.

Another dangerous virus, Big Heat, disguises itself as a Windows update, and after penetrating the computer, encrypts all files and extorts money from users.


 
 
 
 