
Minecraft Mod users face BleedingPipe threat: How can you protect yourself

Hackers have found a significant security vulnerability in well-known Minecraft mods, which enables them to run remote code on game servers and clients.

Published By: Om Gupta | Published: Aug 01, 2023, 03:19 PM (IST)


Highlights

  • Security vulnerability in Minecraft mods enables hackers to run remote code.
  • BleedingPipe targets mods on 1.7.10/1.12.2 Forge alongside some other mods.
  • BleedingPipe has been discovered in numerous Minecraft mods.

Hackers have found and taken advantage of a significant security vulnerability in well-known Minecraft mods, which enables them to run remote code on game servers and clients.

The exploit, dubbed BleedingPipe, targets mods on 1.7.10/1.12.2 Forge alongside some other mods that use unsafe deserialisation code, such as EnderCore, LogisticsPipes and BDLib. The vulnerability can spread from servers to clients, potentially compromising their personal data and devices.

“This vulnerability can spread past the server to infect any clients that might join, though we do not know if there is any such malware in the wild,” MMPA said in a blog post.

What is BleedingPipe

BleedingPipe is a vulnerability that has been discovered in numerous Minecraft mods. It is caused by unsafe use of deserialization through Java's ‘ObjectInputStream’ class, which the affected mods use to transfer network packets between servers and clients, as explained by Bleeping Computer.

The exploit has been known since March 2022 and there was an incident where a hacker utilised a new form of exploit to infiltrate a Minecraft server and acquire the login information of both Discord users and Steam players. They did this by stealing the players’ session cookies.

However, the exploit recently gained attention after several reports of attacks on unsuspecting servers. A bad actor scanned all Minecraft servers on the IPv4 address space and deployed a malicious payload onto the affected ones. The contents and intentions of the payload are unknown, but it could be used to infect other clients or perform other malicious actions.

“On July 9, 2023, a Forge forum post was made about an RCE happening live on a server, managing to compromise the server and send the Discord credentials of clients, indicating the spread to clients. The issue was nailed down to 3 mods; EnderCore, BDLib, and LogisticsPipes. However, this post did not go mainstream, and most were not aware,” MMPA said.

What you should do

The MMPA has issued a warning and advice for server admins and players to protect themselves from the exploit. They recommend updating or removing the vulnerable mods, installing a mod called PipeBlocker that mitigates the issue, and scanning all installed mods and files with tools such as jSus or jNeedle. They also urge mod developers to avoid using ObjectInputStream for serialization or switch to a safer alternative.

In addition to this, the MMPA is seeking more information on BleedingPipe and invites anyone who has knowledge or experience of the exploit to contact them via their Discord server or email.