Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/trigram-mrp/fractureiser

Information about the fractureiser malware (June 2023)
https://github.com/trigram-mrp/fractureiser

Last synced: 21 days ago
JSON representation

Information about the fractureiser malware (June 2023)

Awesome Lists containing this project

README 

        


	fractureiser logo




**Translations to other languages:**



*These were made at varying times in this document's history and **may be outdated** — especially the current status in README.md.*



* [简体中文版本见此](./lang/zh-CN/)

* [Polska wersja](./lang/pl-PL/)

* [Читать на русском языке](./lang/ru-RU/)

* [한국어는 이곳으로](./lang/ko-KR/)

* Many others that are unfinished can be found in [Pull Requests](https://github.com/fractureiser-investigation/fractureiser/pulls)



## What?

`fractureiser` is a [virus](https://en.wikipedia.org/wiki/Computer_virus) found in several Minecraft projects uploaded to CurseForge and BukkitDev. The malware is embedded in multiple mods, some of which were added to highly popular modpacks. The malware is only known to target Windows and Linux.



If left unchecked, fractureiser can be **INCREDIBLY DANGEROUS** to your machine. Please read through this document for the info you need to keep yourself safe.



We've dubbed this malware fractureiser because that's the name of the CurseForge account that uploaded the most notable malicious files.  



## Current Investigation Status

The fractureiser event has ended — no follow-up Stage0s were ever discovered and no further evidence of activity has been discovered in the past 3 months.

A third C&C was never stood up to our knowledge.



A copycat malware is still possible — and likely inevitable — but *fractureiser* is dead. **Systems that are already infected are still cause for concern**, and the below user documentation is still relevant.



## Follow-Up Meeting

On 2023-06-08 the fractureiser Mitigation Team held a meeting with notable members of the community to discuss preventive measures and solutions for future problems of this scale.

See [this page](https://github.com/fractureiser-investigation/fractureiser/blob/main/docs/2023-06-08-meeting.md) for the agenda and minutes of the event.



## BlanketCon Panel

emilyploszaj and jaskarth, core members of the team, held a panel at BlanketCon 23 about the fractureiser mitigation effort. You can find a [recording of the panel by quat on YouTube](https://youtu.be/9eBmqHAk9HI).



## What YOU need to know



### [Modded Players CLICK HERE](docs/users.md)



If you're simply a mod player and not a developer, the above link is all you need. It contains surface level information of the malware's effects, steps to check if you have it and how to remove it, and an FAQ.



Anyone who wishes to dig deeper may also look at

* [Event Timeline](docs/timeline.md)

* [Technical Breakdown](docs/tech.md)



### I have never used any Minecraft mods

You are not infected.



## Additional Info



We've stopped receiving new unique samples, so the sample submission inbox is closed. If you would like to get in contact with the team, please shoot an email to `[email protected]`.



If you copy portions of this document elsewhere, *please* put a prominent link back to this [GitHub Repository](https://github.com/fractureiser-investigation/fractureiser) somewhere near the top so that people can read the latest updates and get in contact.



The **only** official public channel that this team ever used for coordination was #cfmalware on EsperNet. ***We have no affiliation with any Discord guilds.***



**Do not ask for samples.** If you have experience and credentials, that's great, but we have no way to verify this without using up tons of our team's limited time. Sharing malware samples is dangerous, even among people who know what they're doing.



---



\- the [fractureiser Mitigation Team](docs/credits.md)