Go to file
Una 7caf019e0f
2024-06-06 15:15:17 -07:00
.github Update CONTRIBUTING.md 2023-06-09 17:28:30 -07:00
decomp Restructured repo structure for better user-facing communication (#16) 2023-06-07 13:49:15 -05:00
docs Markdownnnnnnn 2024-06-06 15:15:17 -07:00
lang Korean translation (#108) 2023-09-19 00:22:19 -07:00
.gitignore Add agenda item regarding mods that download external executable files (#63) 2023-06-07 20:04:16 -05:00
COPYING add CC-BY-SA 4.0 license 2023-06-08 11:11:11 -07:00
LICENSE add CC-BY-SA 4.0 license 2023-06-08 11:11:11 -07:00
README.md MRP rebrand pt 2 2024-06-06 15:09:38 -07:00
fractureiser.png Add high-res PNG logo 2023-06-09 16:50:48 -07:00


fractureiser logo

Translations to other languages:

These were made at varying times in this document's history and may be outdated — especially the current status in README.md.


fractureiser is a virus found in several Minecraft projects uploaded to CurseForge and BukkitDev. The malware is embedded in multiple mods, some of which were added to highly popular modpacks. The malware is only known to target Windows and Linux.

If left unchecked, fractureiser can be INCREDIBLY DANGEROUS to your machine. Please read through this document for the info you need to keep yourself safe.

We've dubbed this malware fractureiser because that's the name of the CurseForge account that uploaded the most notable malicious files.

Current Investigation Status

The fractureiser event has ended — no follow-up Stage0s were ever discovered and no further evidence of activity has been discovered in the past 3 months. A third C&C was never stood up to our knowledge.

A copycat malware is still possible — and likely inevitable — but fractureiser is dead. Systems that are already infected are still cause for concern, and the below user documentation is still relevant.

Follow-Up Meeting

On 2023-06-08 the fractureiser Mitigation Team held a meeting with notable members of the community to discuss preventive measures and solutions for future problems of this scale. See this page for the agenda and minutes of the event.

BlanketCon Panel

emilyploszaj and jaskarth, core members of the team, held a panel at BlanketCon 23 about the fractureiser mitigation effort. You can find a recording of the panel by quat on YouTube.

What YOU need to know

Modded Players CLICK HERE

If you're simply a mod player and not a developer, the above link is all you need. It contains surface level information of the malware's effects, steps to check if you have it and how to remove it, and an FAQ.

Anyone who wishes to dig deeper may also look at

I have never used any Minecraft mods

You are not infected.

Additional Info

We've stopped receiving new unique samples, so the sample submission inbox is closed. If you would like to get in contact with the team, please shoot an email to mrp@trigram.org.

If you copy portions of this document elsewhere, please put a prominent link back to this GitHub Repository somewhere near the top so that people can read the latest updates and get in contact.

The only official public channel that this team ever used for coordination was #cfmalware on EsperNet. We have no affiliation with any Discord guilds.

Do not ask for samples. If you have experience and credentials, that's great, but we have no way to verify this without using up tons of our team's limited time. Sharing malware samples is dangerous, even among people who know what they're doing.

- the fractureiser Mitigation Team