[Fractureiser] Powerful new malware circulating, but not detected by BitDefender
Recently, a highly sophisticated piece of malware has been infecting numerous PCs with executable Java binary files (.JAR files). Infesting mainly users of the Minecraft game, this virus is very sophisticated as it is able to replicate itself and infect all jar files on the user's computer. It was discovered less than 10 days ago.
The virus has a very vicious installation process. Indeed, Minecraft users can modify their gaming experience by downloading mods created by independent individuals, who distribute them on the Internet, notably on the online Minecraft modding platforms curseforge.com and modrinth.com. The problem is that this malware masquerades as Microsoft Edge and steals banking information/web browser cookies/Discord/Crypto accounts. The problem with this malware is that it replicates itself in every .jar on people's machines, and if a mod developer shares an infected jar it can infect many other computers.
I've done my own tests with the virus in a secure environment (isolated virtual machine) and Bitdefender detects absolutely nothing; it lets all requests from this virus through. I therefore ask the community to be extremely vigilant and I ask the person who administers BitDefender to work as quickly as possible on a recognition of the malware.
If you're interested in this disease and want to know how to detect it and how it works, I've attached some resources that talk about it in detail. Tools have been proposed by the CurseForge team to find out if you are infected; it would be appreciated if Bitdefender could add this check.
CurseForge article: https://support.curseforge.com/en/support/solutions/articles/9000228509-june-2023-infected-mods-detection-tool/?locale=fr#What-happened?
GitHub, which discusses the malware in detail and how it works: https://github.com/fractureiser-investigation/fractureiser
Kaspersky article: https://www.kaspersky.fr/blog/curseforge-compromised-fractureiser/20695/
Comments
-
Hello.
You can share your findings with Bitdefender Consumer Support by chat, telephone or e-mail:
Chat is the fastest way to get in touch with Bitdefender Consumer Support.
NOTE: Bitdefender telephone support is not toll-free!
Regards.
@Alexandru_BD @Mike_BD @camarie Kindly check on this. Thanks.
2 -
As checked, the samples are already detected by Bitdefender.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
0 -
Hello,
Bitdefender detects 'Fractureiser'.
The known hashes are detected with Trojan.Java.Fractureiser & Java.Trojan.Agent.(NX, NY, NZ, OA, OB, OC, OD, OE) & Java.Factureiser.A. If you have any hash that you think is not being detected, let us know. 🙂
Regards,
Alex
Premium Security & Bitdefender Endpoint Security Tools user
1