Modded Minecraft Vulnerabilities

"Bleeding Pipe" as it has been deemed, is a malicious malware that has been identified among a handful of extremely popular mods and is making it's rounds across Minecraft server networks. Shockbyte has already taken the liberty of pre-installing the protective mod, "SerializationIsBad" on all of our modded-servers that use the Shockbyte modpack installer to ensure our servers are completely safe for customers and players. This malware is extremely dangerous and provides hackers fully-remote code execution on both players and servers using the infected mods.

This horrifying Minecraft-malware was originally found on a few extremely popular Curseforge mods with EnderIO and BDLib both being prime examples. The infected mods were not necessarily based on the Minecraft server version either, with infected servers being both 1.7.10 and 1.12.2 on some occasions (and all versions of Minecraft being susceptible.) Among the many Minecraft hacks this one has found itself infecting a wide plethora of mods with the full list (so far found) to be constantly updated here.

Minecraft Bleeding Pipe Infection

For average Minecraft players, they may not originally understand to what extent a "Minecraft Malware" may actually impact them as a server host, and more importantly as a player. The infected servers and player clients with the mods installed all have exploits within them allowing remote access through small coding "pipes" that allows bad actors to remotely run code on their computers to control a plethora of actions. Simply giving themselves Creative is only the start.

This small functionality for bad actors could allow full access to the player computer as well, transferring anything from personal data, bank information, and Minecraft login details across the same server you're playing on. In addition to this, these Minecraft hackers are able to fully control infected servers, providing themselves OP (operator status), changing settings on the server, and destroying all progress made by players. Unfortunately, some servers have already been attacked and videos on streams of this have been recorded of these exploits.

Timestamps and details of each action taken by hackers are in the video description.

History of the Bleeding Pipe Infection

Unfortunately, the Minecraft hack and infection of "Bleeding Pipe" has been around for over a year ago, first appearing in BDLib in March of 2022 where requests for updating old versions of the mod were made due to old versions having the Bleeding Pipe infection. Shockbyte always recommends using as up-to-date versions as possible for this reason as the lead developer promptly requested all old version users to promptly update their version types instead.

Since that time, several more vulnerabilities arose all matching the same description of the Bleeding Pipe infection (prior to it's naming) including a breach on July 9th of 2023 where Discord information was leaked through the exploit about players on an infected server, showing the infection's spread to player-clients. After these first findings, a mysterious mass-deployment was sent to all infected servers and it has yet to be determined what this will do. That brings us to now, where a significantly higher amount of mods appear infected as well.

How to Protect Yourself from Minecraft Hacks

Fortunately Shockbyte has been extremely attentive to this rising issue, and has quickly applied appropriate measures to all modded Minecraft servers to ensure our community will remain safe while enjoying their modded Minecraft experience. However if you would like to stay protected, installing SerializationIsBad client-side, protects you from any Minecraft server you connect to. If you install it server-side, it will protect your server and the players connecting from the malware.

If you're worried your PC is already infected, there are plenty of malware detecting programs out there, with jNeedle being Shockbyte's recommendation. Using jNeedle, you'll be able to specify a specific folder and it will search all .JAR files within, hunting for vulnerabilities similar to the "Bleeding Pipe" infection or otherwise. This is great for identifying if your system is currently compromised and letting you know that next steps need to be taken.