Think it would've been helpful to show the mod's icon, and maybe the crash context mod, but I also understand if you're unable to find it since the mods are already taken down. Also would've been nice to know what the mod actually did. The idea being people affected may be more likely to realize they're affected if they see a familiar mod icon or know what it did. I have a program called "WindowedBorderless" but it's not a Minecraft mod, but a standalone .exe that helps me resize certain games' windows and such and feel this may have gotten me worried for nother. xD
I personally don't think it's anywhere near as bad as what happened with Curseforge, with my understanding Curseforge initially refused to take down infected reuploads of open source mods until there was massive backlash. Modrinth has taken action essentially right as it was discovered and reported.
idk if the reuploads hqd malware or not (only malware on cf i heard was the fracturizer thing) but reuploads of open source mods would be legally fine. is it disrespectful to the original creator? maybe? but then don’t have your mod use an open source license and then complain when other do stuff the license allows
Fun fact: the mod named "Xenon" which is a fork of embeddium already has a borderless mode built into it. I know it's only for forge tho but still worth mentioning if anyone wants to just avoid getting borderless mods in the first place.
Bottom line... Modrinth was quick to spot this and be transparent about it, much more so than curseforge faced a similar situation. Only ~370 downloads before it was disclosed. Yet the clickbait thumbnail is what people see. They dont watch the video or listen to anything. Modrinth handled this in the best way possible, but farming views is more important than conveying that.
@@aggrocd1985 documenting the story? The way it happened indicates a clear issue with the way they have operated. And to my knowledge this still isnt fixed fully. Covering something later does not meant "doing it for views" it means u waited for all the information and the dust to settle so you can give a full account of what happened
I was unlucky myself and downloaded the mod. Luckily it was an older version where it only stole PC info. So I'm happy to have come out of it okay. I am very happy that Modrinth has been so transparent to inform us quickly!
Perhaps there is a way to make Modrinth safer: Promote FOSS mods, demote proprietary mods, and give FOSS mods having reproducible builds a seperate badge. Reproducible builds with FOSS mods is one of the ways to ensure nothing else gets mixed in the final product built with the source code at hand. Or in layman's terms, malicious intention will have to be public.
I'm not tech-savvy, but stick to popular mods if you don't want to get infected. Hackers won't create big mods to steal personal info, and the maintainer of the big mods would probably read every line of code submitted because their reputation and passion are on the line.
@@basic6735 the face behind the recent xz linux backdoor. they used social engineering to get trusted access by making lots of genuine contributions, and then inserted malware. Luckily it was caught early. they were also likely state sponsored, but the tactics could be used by anyone to exploit an over burdened maintainer
Thank you so much!! This was so helpful!! I did in fact download this by accident as a play a sever called Hoplite and as a custom server they provided a mod pack that did include this mod. So yes i did delete it but i do not know if the damage is still there. Please tell me more on what I should do? Love the vids!! i would have not know until I watched this vid that it was a malware, so many thanks!!
If you're still looking for an alternative there's a great program I use which can work with any game called Borderless Gaming. It requires a small amount of setup, but nothing too challenging. I'd recommend it.
Isn't that the purpose of windows 11 using tpm and pluton? Data scrub is useless if the data is encrypted. VBS virtualizes apps in their own sandbox to prevent say, a malicious process from accessing files? At least that's what I thought these systems were for. To make malware less threatening and easily removable.
I'm really surprised they don't have a built in sandbox system on their backend for checks like this. I'm even more surprised that people STILL don't scan the shit they download before installing or running. This was preventable on so many levels, both on Modrinths end as well as the end user's.
It's actually quite difficult to do sandbox testing on software. It just spits out a bunch of things the software is doing, and whether that's malicious behavior or not is quite tricky to determine especially in an automated toolchain. This becomes even harder when malware includes detections for VMs or lays dormant until a certain date. On the users end it's no different it's actually quite common for malware scanners to not detect a custom malware strain, they are nowhere near as foolproof as many people think. Typically Windows Defender should scream when it detects there is malware, however unless the malware is already known most scanners are just as defenseless.
Actually Modrinth performs antivirus checks on each file you upload to the platform, but... if you want to bypass an antivirus, and you know how to, you will bypass it.
@@Cygnus_MC from the Modrinth announcements channel & «We were scanning projects all day yesterday. *We can confirm that all projects created on Modrinth since it's beginning almost 3 years ago have been scanned and are not affected by the "fractureriser virus", and therefore are safe from the recent malware outbreak.* Modrinth was not affected by this attack. ... We will be resuming file moderation for all project types. New files (as before) will be allowed on the site. All new content will still be scanned for the virus before it is approved.»
I think they should just make an algorithm that checks for unregularities in the code and reports them to a real moderator to make sure it doest just randomly ban mods btw what shader where you using in the footage behind ?
In ur opinion Which is the BEST launcher to mod Minecraft? I’m new to Minecraft and mods in the whole game so downloading and adding files manually feels a bit risky for me.
Well I think that working on this algorithm is pretty much the best thing they can do to prevent another situation like that. Even if it wouldn't have full effectiveness. (I mean that isn't even possible without ACTUAL AI proficient in Java. But that's is going wey beyond just algorithm.)
So hey, I just got started with modded Minecraft, and there are some mods I want to download that aren't available on Modrinth so O have to use Curseforge. What I want to know is, how do I know if a curseforge mod is safe? (Y'know given the whole fracturizer fiasco from a year ago)
How about a tutorial video Lunar? I enjoy Redstone tutorials and I also appreciate your effort in research about mods. My favorite mod of all time is the Mekanism mods by Brady.
@@Cygnus_MC Speaking of MODS, what mods do you like best? As I mentioned in on of your other videos, I absolutely love MEKANISM by Brady. I also like the JEI mods and the JounreyMap.
Just going to drop this comment now, haven't finished the video yet so apologies if it comes up at all. For anyone looking to make any game, not just Minecraft, play in a borderless fullscreen mode there's a great application I use for the Bedrock edition of the game called Borderless Gaming. It takes a small amount of effort to set up, but it works very well and you can use it if you were affected by this mod containing malware.
Fml. I JUST installed modrinth a month ago. So much for "dedicated to vetting projects to protect users". I thought the whole reason they barely had any mods was that each one was being vetted.
@@Cygnus_MC I checked after I made the reaction and the blog also mentioned Firefox. At the time of the discord message it didn't mention any browser examples like Firefox. And it looks like the discord message is deleted now. Probably at the time of the video making modrinth wasn't clear about if it included firefox based browsers or not.
@@Cygnus_MC The thumbnail makes modrinth look like it's to blame, and can't be trusted. The start of the video also doesn't really do modrinth great in my opinion. Modrinth resolved it very quickly and let people know really fast about the issues that happened. I know you gotta do your usual clickbait or something to work on TH-cam, but implying modrinth is unsafe is just wrong If you think modrinth should have done a better job at moderating it, think about the hundreds of projects the content moderators need to go through every day, and that there are only two of them. Sure, they could have automated checks, but it's kind of difficult to do with jar files. People on modrinth discord also do decompile and check when someone comes and says "X is a virus!", the community tries to help them do their job
@@blrryface This video was intented to say "hey be carefull what you download", as modrinth at the time didnt have any new measures in place to prevent malware like this as i discussed later in the video. Now i did mention they are improving this, and that curseforge has the same issue, but that doesnt obsolve them from critisism. If u want a more positive look into modrinth, i suggest watching the video i interviewed them.
@@blrryface No ur not stupid, ur right to be critical! More people should be. Dont get me wrong i love modrinth, and i always use it above curse, but that doesnt mean its perfect u get me?
This is one of more than a few reasons (and the #1 reason) why I don't do mods. Other reasons include: * Mod/Loader incompatibilities * People growing too reliant on certain features to where they won't update until the mod updates or they "update" the mod themselves, and features that give a slight advantage over vanilla players using equivalent features (i.e. most minimap mods' "Last Death Point" versus the recovery compass and F3 screenshotting) * Mod/Mod incompatibilities * Server rules regarding certain client-side mods * "Wrong download link" if you don't have an adblocker, which will be less powerful with the next Chromium Manifest (Firefox ftw) * Mod dependencies * No Modding API * Bedrock Marketplace stealing hard work for a quick buck Any other reasons not to do mods that you can come up with?
Funny thing is curseforge has these cases much more they had a case qhere it had over 370 downloads before spotting it then taking it down 3 weeks later instead of immediatley
I'm going to have a controversial take here, there is a solution to check every jar file and not have a huge team that has to deal with everything for hours, you could idk have an AI do that, and this is why my take is controversial because everyone goes "boo AI bad" and yes for what we use it rn it's bad but imagne we run an AI that just has to glace through the code of jar files and determine if it's malware or not, and if it determines: yep malware, then we have a human also test it and say "yep this is malware" or go "no, this is false positive", could be a pretty simple tool to help unload on the small team of people that have to check every jar uploaded, and now also supposedly check every update because malware exploitation otherwise it's the trust system (which now having been exploited is exposed), or a large team to check every jar and update which also doesn't work either way a small issue sure, but can snowball into a big issue which is why you addressed it
Yeah, that’s every company right now working on the AI defense system for Malware and viruses, but unfortunately, this will take some time for the AI to learn correctly. not only that, but they’re also trying to make their sandbox emulation for the test so the AI can test the mods to verify if they are safe or not this also will take some time to figure out how to make it,
Malware detection using AI is the dream and main project of most if not all antivirus. But it’s not as simple as it sounds. Things like ChatGPT or so are good at code (actually no they’re bad but that’s an entire different topic), but they use millions of lines of code to do so (Hello GitHub) And while there is malware databases, there is just so many ways to create a malware and hide its purpose in plain sight using legitimates methods than AIs are having a very bad time with static code reviews. And because it’s also legitimate to stop your code from being analyzed that way, a pirate can use anti-reverse engineering strategies and still seem legitimate… And dynamic analysis is … well detectable by the software, so sometimes the malware start by reviewing the environment to see if it’s in a testing environnement…
@@sniper201minecr yeah it will take time you are right, but atleast it seems like my idea is not as farfetched as I initially thought, speed also depends on the size of the company so modrinth may take ages (assuming they take the plunger) and then comes the counters, it's an endless battle like the immune system vs viruses and bacterias
There is also a issue with AI in malware defense since you can train AI to defeat AI. The cat and mouse race is not over by applying AI. This is basically what we already have with tools detecting AI images or texts and generative AI becoming better at outsmarting those tools as well. The data to feed the model is quite tricky as well, for one getting training data is not that easy especially since this should have a focus on jar mods (which is not that common in the wild) the performance of the model will be hugely impacted by the training data. What to data points the AI should look out for is similarly a big question and part of the research. Sandboxes have the drawback that detection methods exist and if the malware lays dormant inside a Sandbox it won't leave any malicious traces, similarly looking trough the entire bytecode is quite a noisy process and additionally it may have blind spots especially with inclusion of code written in other languages.
Linux isn't immune from malware, especially in this context since Java malware can execute on any computer with java installed (which people playing Minecraft have it installed). Sometimes they do target specific operating systems but Java can execute on any OS, and can be made to infect all platforms.
Eh most of the time it doesn’t work right on Linux even if it does technically ‘run’ because people who make viruses often don’t put in the effort to make it cross platform and build in security measure are still resistant
For example for the other fracturizer malware that was technically cross platform. On Linux, [fractureiser] tries placing systemd unit files in /etc/systemd/system or ~/.config/systemd/user. The unit file it places in the user folder never works, because it tries using multi-user.target, which doesn't exist for user units. Oh yeah and it needs to be run as root.
This is not even to mention many people run Minecraft and its launchers on Linux in a self contained Flatpak that would never even be able to write the file in first place.
Modrinth IS kind of lacking in mods, tbf. Curseforge still has more content. However, the idea behind that smaller content library was you'd get safer mods that passed greater scrutiny. That clearly wasn't the case.@@amthystxx
@@justapotota4330 thats chicken and egg. The mods exist: the delay in porting them to modrinth's platform is security. Tekkit had oodles of mods on release because they had everything else everyone else had- and barely any vetting.
![ILLSLICK - KILLSHOT REMIX [FULL VERSION]](http://i.ytimg.com/vi/RIK8RrqIAzE/mqdefault.jpg)
Hey! So this is the first video i edited myself in a while, so let me know what you think!
Discord:
discord.gg/cygnusmc
thx for properly explaining why you want to cover such a small attack, def buying your weird stickers now!
Think it would've been helpful to show the mod's icon, and maybe the crash context mod, but I also understand if you're unable to find it since the mods are already taken down. Also would've been nice to know what the mod actually did. The idea being people affected may be more likely to realize they're affected if they see a familiar mod icon or know what it did.
I have a program called "WindowedBorderless" but it's not a Minecraft mod, but a standalone .exe that helps me resize certain games' windows and such and feel this may have gotten me worried for nother. xD
I personally don't think it's anywhere near as bad as what happened with Curseforge, with my understanding Curseforge initially refused to take down infected reuploads of open source mods until there was massive backlash.
Modrinth has taken action essentially right as it was discovered and reported.
Like i said, not as bad. But an indication more could be done
Well they took it down before more people could download it meanwhile curseforge would just go "oh that's fine lalala"
idk if the reuploads hqd malware or not (only malware on cf i heard was the fracturizer thing) but reuploads of open source mods would be legally fine. is it disrespectful to the original creator? maybe? but then don’t have your mod use an open source license and then complain when other do stuff the license allows
@@Cygnus_MC what else could they have done besides lock down even further than they already have?
@@EmiWi actually do some checks like curseforge does
The mod clearly is Working As Intended. It removes the border to hackers from your windows operating system.
hacked?
@@isoextensionI believe you missed the joke
@@batmanh8899 that was 2 months ago
@@isoextension I believe you missed the joke 2 months ago
@@batmanh8899 i did
This is why I play in true full screen instead
Chad mode
borderless Fullscreen is different from the Fullscreen in mc, like when you press the windows button it kicks you out of the game
Nah, I play in windowed
Fun fact: the mod named "Xenon" which is a fork of embeddium already has a borderless mode built into it. I know it's only for forge tho but still worth mentioning if anyone wants to just avoid getting borderless mods in the first place.
Im glad Modrinth was quick to take action, unlike CF.
Bottom line... Modrinth was quick to spot this and be transparent about it, much more so than curseforge faced a similar situation. Only ~370 downloads before it was disclosed. Yet the clickbait thumbnail is what people see. They dont watch the video or listen to anything. Modrinth handled this in the best way possible, but farming views is more important than conveying that.
Thats... not the point? Im not farming vieuws?
@@Cygnus_MC what's the point?
@@aggrocd1985 documenting the story? The way it happened indicates a clear issue with the way they have operated. And to my knowledge this still isnt fixed fully. Covering something later does not meant "doing it for views" it means u waited for all the information and the dust to settle so you can give a full account of what happened
I was unlucky myself and downloaded the mod. Luckily it was an older version where it only stole PC info. So I'm happy to have come out of it okay.
I am very happy that Modrinth has been so transparent to inform us quickly!
Sorry that happened to you, hope your pc info is safe now buddy
I thought I was cooked cuz I used "Borderless Mining"
Perhaps there is a way to make Modrinth safer: Promote FOSS mods, demote proprietary mods, and give FOSS mods having reproducible builds a seperate badge.
Reproducible builds with FOSS mods is one of the ways to ensure nothing else gets mixed in the final product built with the source code at hand. Or in layman's terms, malicious intention will have to be public.
I'm not tech-savvy, but stick to popular mods if you don't want to get infected. Hackers won't create big mods to steal personal info, and the maintainer of the big mods would probably read every line of code submitted because their reputation and passion are on the line.
Jia Tan would like a word
@@BooleanDev Jia Tan?
@@basic6735 the face behind the recent xz linux backdoor. they used social engineering to get trusted access by making lots of genuine contributions, and then inserted malware. Luckily it was caught early.
they were also likely state sponsored, but the tactics could be used by anyone to exploit an over burdened maintainer
@@basic6735xz exploit
Who wants to bet the malware was added just for the lulz of using it on an unsuspecting streamer
Who would do that
@@Cygnus_MC happened to sodapoppin like 8 different times back in the day, to my understanding
@Cygnus_MC you under estimate people
Thank you so much!! This was so helpful!!
I did in fact download this by accident as a play a sever called Hoplite and as a custom server they provided a mod pack that did include this mod. So yes i did delete it but i do not know if the damage is still there. Please tell me more on what I should do?
Love the vids!! i would have not know until I watched this vid that it was a malware, so many thanks!!
Man, I have this mod.
I'm going to go remove it, thanks pal
Send me a copy of it first. I couldnt find one
make sure you follow the modrinth instructions for complete removal
If you're still looking for an alternative there's a great program I use which can work with any game called Borderless Gaming. It requires a small amount of setup, but nothing too challenging. I'd recommend it.
@@GlimmerSprings Thanks but I dont need it anymore.
I have moved to fabric anf it has couple of mods for alternatives.
Appreciate the advice tho!
Will it get to a point where we have an Anti-Mal mod for minecraft?
Would be cool
We already have them
you mean like pipeblocker?
Cinematic minecraft shot with commentating now u need some parkour and there we go😃
Bruh i used to do that
one solution could be to run Minecraft in a sanboxed environment, like Flatpak on Linux
Good point!
Malware is great and all but whats your favorite ice cream flavor
Strawberry
@@Cygnus_MC A safe choice, uncontroversial...
The fact that this is happening is about as scary as the DS3 release drama where invaders could straight up hack your pc by punching you.
Damn I remember when this channel's subs was in the single digit thousands
Glad to see it go up
Glad to see you sticking around
@Cygnus_MC You will never stop me from using the 2x fps mod.
Isn't that the purpose of windows 11 using tpm and pluton? Data scrub is useless if the data is encrypted. VBS virtualizes apps in their own sandbox to prevent say, a malicious process from accessing files? At least that's what I thought these systems were for. To make malware less threatening and easily removable.
Cant wait for you to blow up keep up the absolutely brilliant content
Thanks!
@@Cygnus_MC No thank you for the great content
I'm really surprised they don't have a built in sandbox system on their backend for checks like this. I'm even more surprised that people STILL don't scan the shit they download before installing or running. This was preventable on so many levels, both on Modrinths end as well as the end user's.
It's actually quite difficult to do sandbox testing on software. It just spits out a bunch of things the software is doing, and whether that's malicious behavior or not is quite tricky to determine especially in an automated toolchain. This becomes even harder when malware includes detections for VMs or lays dormant until a certain date.
On the users end it's no different it's actually quite common for malware scanners to not detect a custom malware strain, they are nowhere near as foolproof as many people think. Typically Windows Defender should scream when it detects there is malware, however unless the malware is already known most scanners are just as defenseless.
Yo, I can see your channel continue to bloooow up, dont quit
This was expected, I knew it would happen eventually. Once 1 person does it, everyone else will try it.
oh my goodness dude this video popped while i was on the site looking at a mod video and nearly poo'd my pants
Actually Modrinth performs antivirus checks on each file you upload to the platform, but... if you want to bypass an antivirus, and you know how to, you will bypass it.
According to modrinth themselves they dont do checks at all
@@Cygnus_MC from the Modrinth announcements channel &
«We were scanning projects all day yesterday. *We can confirm that all projects created on Modrinth since it's beginning almost 3 years ago have been scanned and are not affected by the "fractureriser virus", and therefore are safe from the recent malware outbreak.* Modrinth was not affected by this attack.
...
We will be resuming file moderation for all project types. New files (as before) will be allowed on the site. All new content will still be scanned for the virus before it is approved.»
@@aleks-ivanovthats different from a general antivirus check
@@aleks-ivanov They did a manual scan through all files, they do not scan all files *on* upload.
I think they should just make an algorithm that checks for unregularities in the code and reports them to a real moderator to make sure it doest just randomly ban mods
btw what shader where you using in the footage behind ?
oh no not fcking again
anybody else rolling with BorderlessMinecraft.exe from their downloads folder from 2 years ago?
In ur opinion
Which is the BEST launcher to mod Minecraft?
I’m new to Minecraft and mods in the whole game so downloading and adding files manually feels a bit risky for me.
Personally i use MultiMC, but that can be very complex for a beginner. Id stick to Modrinth for now, as their launcher is actually pretty safe
Prism
I hope I dont get Malware I use modrinth everyday
To be honest, even 3 hours is really impressive.
It is yeah
Well I think that working on this algorithm is pretty much the best thing they can do to prevent another situation like that. Even if it wouldn't have full effectiveness. (I mean that isn't even possible without ACTUAL AI proficient in Java. But that's is going wey beyond just algorithm.)
So hey, I just got started with modded Minecraft, and there are some mods I want to download that aren't available on Modrinth so O have to use Curseforge.
What I want to know is, how do I know if a curseforge mod is safe? (Y'know given the whole fracturizer fiasco from a year ago)
Use Prism and avoid all that.
Great, now every update will need a review. We can't have nice things.
How about a tutorial video Lunar? I enjoy Redstone tutorials and I also appreciate your effort in research about mods. My favorite mod of all time is the Mekanism mods by Brady.
Im not smart enough for tutorials ngl, tho maybe i can show how the basics of a mod work? :3
@@Cygnus_MC Speaking of MODS, what mods do you like best? As I mentioned in on of your other videos, I absolutely love MEKANISM by Brady. I also like the JEI mods and the JounreyMap.
@Cyberjjc my favorite one would be create. But honestly i love fabric seasons! Its a small mod that adds so much
Great video, very informative and flow was great!
We can't have a nice things...
Just going to drop this comment now, haven't finished the video yet so apologies if it comes up at all. For anyone looking to make any game, not just Minecraft, play in a borderless fullscreen mode there's a great application I use for the Bedrock edition of the game called Borderless Gaming. It takes a small amount of effort to set up, but it works very well and you can use it if you were affected by this mod containing malware.
yet an other complain about the lack of container
Can't get inflected by malware if I play MCJE on mobile :P
Well... Unless people start targeting it too 👀
fuck , I just want play minecraft with mods
Where can I download it.
can't they use virustotal api?
is the malware already removed now or what?
@@StormHunter264 as said, it was removed rather quickly
Fml. I JUST installed modrinth a month ago. So much for "dedicated to vetting projects to protect users". I thought the whole reason they barely had any mods was that each one was being vetted.
they cant vet every update, it simply isnt possible without massive manpower
Everyone downloads Borderless Mining because it's in Fabolously Optimized. (I just learned that there is a mode called Windows Borderless.)
It's not only chromium I think, I thought they said in the discord they mistakenly said in the blog it was only chromium.
Interesting, i only had the blogpost to go off off
@@Cygnus_MC I checked after I made the reaction and the blog also mentioned Firefox. At the time of the discord message it didn't mention any browser examples like Firefox. And it looks like the discord message is deleted now.
Probably at the time of the video making modrinth wasn't clear about if it included firefox based browsers or not.
so that's mean my whole computer has malware
No?
We gotta quit giving these shits cool ass names. It will only encourage people to make more.
Yes, Modrinth is safe.
As safe as it can be ye
i am a modder using modrinth TY
on god some people in the comment section are just purely ignoring and hating on modrinth lmao
great video, really surprising
Algor
Pebble
Thanks for always making so good videos about these things!
Yw!!
My question is, are you a rock or a potato?
Rock
@@Cygnus_MC that makes more sense with the pebble tier for Patrons
Pebble :3
pebble
how is this posted 1 hour ago but there are 1 day old comments 😭
Early acces for members :3
This is really late, you should tell people it was resolved within a week at the start
Or this is more a critique about how the system works rather then just news
@@Cygnus_MC The thumbnail makes modrinth look like it's to blame, and can't be trusted.
The start of the video also doesn't really do modrinth great in my opinion.
Modrinth resolved it very quickly and let people know really fast about the issues that happened. I know you gotta do your usual clickbait or something to work on TH-cam, but implying modrinth is unsafe is just wrong
If you think modrinth should have done a better job at moderating it, think about the hundreds of projects the content moderators need to go through every day, and that there are only two of them. Sure, they could have automated checks, but it's kind of difficult to do with jar files. People on modrinth discord also do decompile and check when someone comes and says "X is a virus!", the community tries to help them do their job
If I sound stupid, forgive me it's 7 am and I'm just a tiny bit too mad about the way modrinth was portrayed
@@blrryface This video was intented to say "hey be carefull what you download", as modrinth at the time didnt have any new measures in place to prevent malware like this as i discussed later in the video. Now i did mention they are improving this, and that curseforge has the same issue, but that doesnt obsolve them from critisism. If u want a more positive look into modrinth, i suggest watching the video i interviewed them.
@@blrryface No ur not stupid, ur right to be critical! More people should be. Dont get me wrong i love modrinth, and i always use it above curse, but that doesnt mean its perfect u get me?
This is one of more than a few reasons (and the #1 reason) why I don't do mods. Other reasons include:
* Mod/Loader incompatibilities
* People growing too reliant on certain features to where they won't update until the mod updates or they "update" the mod themselves, and features that give a slight advantage over vanilla players using equivalent features (i.e. most minimap mods' "Last Death Point" versus the recovery compass and F3 screenshotting)
* Mod/Mod incompatibilities
* Server rules regarding certain client-side mods
* "Wrong download link" if you don't have an adblocker, which will be less powerful with the next Chromium Manifest (Firefox ftw)
* Mod dependencies
* No Modding API
* Bedrock Marketplace stealing hard work for a quick buck
Any other reasons not to do mods that you can come up with?
epic video!
yes curseforge is safe and modrinth is just a malware
Thats not true tho
Funny thing is curseforge has these cases much more they had a case qhere it had over 370 downloads before spotting it then taking it down 3 weeks later instead of immediatley
I'm going to have a controversial take here, there is a solution to check every jar file and not have a huge team that has to deal with everything for hours, you could idk have an AI do that, and this is why my take is controversial because everyone goes "boo AI bad" and yes for what we use it rn it's bad but imagne we run an AI that just has to glace through the code of jar files and determine if it's malware or not, and if it determines: yep malware, then we have a human also test it and say "yep this is malware" or go "no, this is false positive", could be a pretty simple tool to help unload on the small team of people that have to check every jar uploaded, and now also supposedly check every update because malware exploitation
otherwise it's the trust system (which now having been exploited is exposed), or a large team to check every jar and update which also doesn't work
either way a small issue sure, but can snowball into a big issue which is why you addressed it
Yeah, that’s every company right now working on the AI defense system for Malware and viruses, but unfortunately, this will take some time for the AI to learn correctly. not only that, but they’re also trying to make their sandbox emulation for the test so the AI can test the mods to verify if they are safe or not this also will take some time to figure out how to make it,
Malware detection using AI is the dream and main project of most if not all antivirus. But it’s not as simple as it sounds. Things like ChatGPT or so are good at code (actually no they’re bad but that’s an entire different topic), but they use millions of lines of code to do so (Hello GitHub)
And while there is malware databases, there is just so many ways to create a malware and hide its purpose in plain sight using legitimates methods than AIs are having a very bad time with static code reviews. And because it’s also legitimate to stop your code from being analyzed that way, a pirate can use anti-reverse engineering strategies and still seem legitimate…
And dynamic analysis is … well detectable by the software, so sometimes the malware start by reviewing the environment to see if it’s in a testing environnement…
@@sniper201minecr yeah it will take time you are right, but atleast it seems like my idea is not as farfetched as I initially thought, speed also depends on the size of the company so modrinth may take ages (assuming they take the plunger) and then comes the counters, it's an endless battle like the immune system vs viruses and bacterias
There is also a issue with AI in malware defense since you can train AI to defeat AI. The cat and mouse race is not over by applying AI.
This is basically what we already have with tools detecting AI images or texts and generative AI becoming better at outsmarting those tools as well.
The data to feed the model is quite tricky as well, for one getting training data is not that easy especially since this should have a focus on jar mods (which is not that common in the wild) the performance of the model will be hugely impacted by the training data.
What to data points the AI should look out for is similarly a big question and part of the research. Sandboxes have the drawback that detection methods exist and if the malware lays dormant inside a Sandbox it won't leave any malicious traces, similarly looking trough the entire bytecode is quite a noisy process and additionally it may have blind spots especially with inclusion of code written in other languages.
just don't have malware lol
womp womp
More malware hahahhhhahahhhah
1 hour gang 👇
too bad should've used linux
Linux isn't immune from malware, especially in this context since Java malware can execute on any computer with java installed (which people playing Minecraft have it installed). Sometimes they do target specific operating systems but Java can execute on any OS, and can be made to infect all platforms.
brother in christ linux aint immune to malware
Eh most of the time it doesn’t work right on Linux even if it does technically ‘run’ because people who make viruses often don’t put in the effort to make it cross platform and build in security measure are still resistant
For example for the other fracturizer malware that was technically cross platform. On Linux, [fractureiser] tries placing systemd unit files in /etc/systemd/system or ~/.config/systemd/user. The unit file it places in the user folder never works, because it tries using multi-user.target, which doesn't exist for user units. Oh yeah and it needs to be run as root.
This is not even to mention many people run Minecraft and its launchers on Linux in a self contained Flatpak that would never even be able to write the file in first place.
1 view in 1 minute bro fell off 😭
real
so did your jokes hzisjdudoojc'zkndjzkdo
64 in 4 minutes, dead channel
instagram ahh comment
😐
curseforge is better
I wouldnt say that
Modrinth IS kind of lacking in mods, tbf. Curseforge still has more content. However, the idea behind that smaller content library was you'd get safer mods that passed greater scrutiny. That clearly wasn't the case.@@amthystxx
@@bodaciouschad the content library isn't smaller for safety reasons, it's smaller because it hasn't been around for ages like CurseForge
@@justapotota4330 thats chicken and egg. The mods exist: the delay in porting them to modrinth's platform is security. Tekkit had oodles of mods on release because they had everything else everyone else had- and barely any vetting.
good i st4yed with curseforge then i gue$s