Translations to other languages:
These were made at varying times in this document's history and may be outdated — especially the current status in README.md.
- 简体中文版本见此
- Polska wersja
- Читать на русском языке
- 한국어는 이곳으로
- Many others that are unfinished can be found in Pull Requests
fractureiser is a virus found in several Minecraft projects uploaded to CurseForge and BukkitDev. The malware is embedded in multiple mods, some of which were added to highly popular modpacks. The malware is only known to target Windows and Linux.
If left unchecked, fractureiser can be INCREDIBLY DANGEROUS to your machine. Please read through this document for the info you need to keep yourself safe.
We've dubbed this malware fractureiser because that's the name of the CurseForge account that uploaded the most notable malicious files.
The fractureiser event has ended — no follow-up Stage0s were ever discovered and no further evidence of activity has been discovered in the past 3 months. A third C&C was never stood up to our knowledge.
A copycat malware is still possible — and likely inevitable — but fractureiser is dead. Systems that are already infected are still cause for concern, and the below user documentation is still relevant.
On 2023-06-08 the fractureiser Mitigation Team held a meeting with notable members of the community to discuss preventive measures and solutions for future problems of this scale. See this page for the agenda and minutes of the event.
emilyploszaj and jaskarth, core members of the team, held a panel at BlanketCon 23 about the fractureiser mitigation effort. You can find a recording of the panel by quat on YouTube.
If you're simply a mod player and not a developer, the above link is all you need. It contains surface level information of the malware's effects, steps to check if you have it and how to remove it, and an FAQ.
Anyone who wishes to dig deeper may also look at
You are not infected.
We've stopped receiving new unique samples, so the sample submission inbox is closed. If you would like to get in contact with the team, please shoot an email to [email protected].
If you copy portions of this document elsewhere, please put a prominent link back to this GitHub Repository somewhere near the top so that people can read the latest updates and get in contact.
The only official public channel that this team ever used for coordination was #cfmalware on EsperNet. We have no affiliation with any Discord guilds.
Do not ask for samples. If you have experience and credentials, that's great, but we have no way to verify this without using up tons of our team's limited time. Sharing malware samples is dangerous, even among people who know what they're doing.
