>>53924488Cursed forge is not comprised, it’s only a select few popular mods/modpacks. The malware spreads by scanning your machine for other mod .jars and injecting a bootstrapper into the java byte code. So if a mod dev downloads an infected mod, runs it, the bootstrapper compromises their computer with malware and spreads to any other mod it can find. So if the dev later decides to update their own mod on cursedforge, they unintentionally uploaded malware.
You won’t get fractureiser by just downloading something from cursed forge. HOWEVER
>Do not download and run any mods updated after April>Do not run any mods shared by players that have been downloaded/modified after April. Even if the cursedforge page for a mod hasn’t been updated in months, the player sharing the mod may have unknowingly compromised itAs of right now vpaddons, pixelmon, and the rest of the server modpack are clean. Jannies should avoid updating until the investigation of fractureiser is finished (which should be soon since the retards who made it accidentally uploaded part of the source code). We should probably record the checksums of the current modlist.
