Minecraft targeted via BleedingPipe RCE vulnerability exploitation

Minecraft servers are being compromised with attacks leveraging the BleedingPipe remote code execution flaw in various Minecraft mods, which seek to facilitate total device takeovers, BleepingComputer reports. While initial in-the-wild exploitation of the BleedingPipe vulnerability was immediately addressed in March 2022, threat actors were noted in a Forge forum post to have commenced large-scale abuse of the zero-day RCE earlier last month in an effort to exfiltrate Discord and Steam session cookies, according to a report from the Minecraft security community, or MMPA. Minecraft mods discovered to be impacted by the flaw include EnderCore versions older than 1.12.2-0.5.77, BDLib 1.7 through 1.12, LogisticsPipes versions older than 0.10.0.71, Brazier, Advent of Ascension (Nevermine) version 1.12.2, Gadomancy, Smart Moving 1.12, DankNull, Minecraft Comes Alive (MCA) versions 1.5.2 through 1.6.4, Astral Sorcery versions 1.9.1 and older, JourneyMap versions below 1.16.5-5.7.2, RebornCore versions below 4.7.3, and Thaumic Tinkerer versions below 2.3-138. However, significantly more mods may be affected by BleedingPipe, said MMPA, which recommended immediate updates and the application of the PipeBlocker mod to better protect forge servers and clients.