e.g. https://www.curseforge.com/minecraft/mc-mods/crystal-craft
https://www.curseforge.com/minecraft/mc-mods/enchanted-tools

Someone’s investigation (and original reddit thread):

Downloaded a few versions of “mystical beasts”, extracted them, and ran commands like diff -urN mystical-beasts_Beta_Client_Fabric_1.20.1/ mystical-beasts_Release_Server_Fabric_1.16.5.

They came up… completely identical! Curse disallows uploading jars with the same hash but it looks like each one contains some amount of random crap after the zip footer; always an exact number of kilobytes too (mystical-beasts_Release_Client_Fabric_1.20.1 contains exactly 17 kilobytes of garbage data appended to the file, Server_Fabric_1.16.5 contains exactly 21kb, etc) What’s also funny is that the mods.toml - yes, it’s actually a Forge mod - contained within all the jars i looked at claims to exclusively support 1.19.4.

The mod itself is an MCreator mod with assorted random shit. There’s a dimension but nothing in it afaik. It adds polished_blackstone_brick_wall to minecraft:overworld_carver_replaceables. There’s a recipe for crafting iron blocks into rooted dirt. You get an advancement called “Advancemnts” [sic] when you go to a beach. There’s a weird “procedure” (mcreator’s bizarre programming language) but I don’t think anything calls it? It also contains a shitton of ripped assets from minecraft (under assets/examplemod/textures/block/) probably to pad the filesize more.

I took a cursory glance with a decompiler and didn’t find anything obviously malicious.

Endless Trash, Everywhere, Forever, all powered by AI! AI is the future :)

  • elrac@kbin.social
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Thankfully both of the linked mods have been taken down. Have to be vigilant when downloading mods.