Minecraft Mods under attack: BleedingPipe exploit infects popular mods

Numerous third-party Minecraft mods have recently been targeted by a remote code exploit called BleedingPipe, as discovered by the user group called Minecraft Malware Prevention Alliance (MMPA). The exploit uses Java deserialization to infect servers or clients with popular mods installed, including AetherCraft, Immersive Armors, and ttCore. Modpacks of versions 1.7.10 and 1.12.2 are especially vulnerable.

BleedingPipe works by exploiting a flaw in Java's ObjectInputStream class, which allows hackers to transmit data embedded with malicious code to servers. The server then deserializes the data, causing an infection which can spread to a player's PC.

However, only players on servers with the affected mods are at risk. MMPA recommends using a scanner like JSus or jNeedle to check for infected files in your .minecraft directory. A potential solution, proposed by a German Computer Science student known as Dogboy21, involves adding a JAR file in your mods folder to patch the vulnerability.