Source: https://www.reddit.com/r/minecraftcli…utm_name=iossmf
It is suggested that everyone check whether this malware is on their computer. The author of the thread suggests a complete computer reset if the malware is found. The origin of this malware is currently unknown.
How to check whether you have the malware:
- Navigate to this folder: C:\Users\(username)\AppData\Roaming\.minecraft\libraries\net\minecraftforge\injector\forgedefault
- If a file named injector-forgedefault exists, then it is suggested to completely reset your computer.
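
The same check as a PowerShell script, added here as an example and not taken from the Reddit thread. It looks in every user profile it can read rather than a single one, and it assumes the file may carry an extension, since the name is given without one.

```powershell
# Folder from the steps above, relative to each user's profile directory.
$RelPath = 'AppData\Roaming\.minecraft\libraries\net\minecraftforge\injector\forgedefault'
# Assumption: the file is named "injector-forgedefault" with no extension given,
# so match that name with any (or no) extension.
$NamePattern = 'injector-forgedefault*'

function Find-ForgeInjector {
    param([string]$UsersRoot = (Join-Path $env:SystemDrive 'Users'))

    # Without administrator rights only your own profile is readable;
    # profiles that cannot be read are skipped.
    $userDirs = Get-ChildItem -LiteralPath $UsersRoot -Directory -Force -ErrorAction SilentlyContinue
    foreach ($userDir in $userDirs) {
        $dir = Join-Path $userDir.FullName $RelPath
        if (-not (Test-Path -LiteralPath $dir -PathType Container -ErrorAction SilentlyContinue)) { continue }

        $hits = Get-ChildItem -LiteralPath $dir -Filter $NamePattern -File -Force -ErrorAction SilentlyContinue
        foreach ($file in $hits) {
            # Record details worth keeping before the machine is reset.
            [pscustomobject]@{
                User         = $userDir.Name
                Path         = $file.FullName
                Created      = $file.CreationTime
                LastModified = $file.LastWriteTime
                SHA256       = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            }
        }
    }
}

$found = @(Find-ForgeInjector)
if ($found.Count -gt 0) {
    $found | Format-List
    Write-Warning "injector-forgedefault found in $($found.Count) location(s)."
} else {
    Write-Output 'No injector-forgedefault file found in the profiles that could be read.'
}
```

The creation time of a hit gives a lower bound for when the machine was infected, which helps decide which Discord, Minecraft and browser credentials to treat as exposed.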
According to the Reddit thread, this is all the information it can get from you:
- injects itself into forge profile when you run it
- grabs your ip, operating system name, computer username, and some hwid
- grabs your discord token, discord username, email, if you have 2fa enabled, phone number, if you have nitro, and if you have any linked payment methods
- grabs your minecraft session token, name, and uuid
- grabs all of the mods in your mods folder
- takes a screenshot of your screen
- grabs the minecraft accounts you have logged into the minecraft launcher
- grabs your chrome login data file
- grabs filezilla servers
- grabs sharex configs
- grabs your future client login details
- grabs your minecraft accounts from future client manager
- grabs your waypoints from future client
- grabs your waypoints from salhack
- grabs your minecraft accounts from rusherhack manager
- grabs your waypoints from rusherhack
- grabs your minecraft accounts from pyro manager
- grabs some weird server stuff from pyro idek what this is
- grabs your konas files which i assume have waypoints and stuff
- grabs your waypoints from kami blue
- grabs everything from journeymap
- grabs source code from recent intellij projects
- and all of that is being sent to one of 5 discord webhooks