'Minecraft' mod exploit lets hackers control your device

You'll want to scan for viruses.

Georg Wendt/picture alliance via Getty Images

You might want to run antivirus tools if you use certain Minecraft mods. The MMPA security community has learned that hackers are exploiting a "BleedingPipe" flaw in the Forge framework powering numerous mods, including some versions of Astral Sorcery, EnderCore and Gadomancy. If one of the game tweaks is running on Forge 1.7.10/1.12.2, intruders can remotely control both servers and gamers' devices. In one case, an attacker was using a new exploit variant to breach a Minecraft server and steal both Discord chatters' credentials as well as players' Steam session cookies.

As Bleeping Computer explains, BleedingPipe relies on incorrect deserialization for a class in the Java code powering the mods. Users just have to send special network traffic to a server to take control. The first evidence of BleedingPipe attacks surfaced in March 2022 and were quickly patched by modders, but MMPA understands most servers running the mods haven't updated.

We've asked Mojang parent company Microsoft for comment. It's not responsible for Forge, so the tech giant can't necessarily stop or limit the damage. You won't be affected if you use stock Minecraft or stick to single-player sessions.

The full scope of the vulnerability isn't clear. While there are 46 mods known to fall prey to BleedingPipe as of this writing, there's the potential for considerably more. Users are asked to scan their systems (including their Minecraft folder) for malware. Server operators, meanwhile, are urged to either update mods or stop running them entirely. MMPA also has a PipeBlocker mod that protects everyone involved, although mod packs may cause problems if the mods haven't been updated.