u/sangaruma

Reported Malware in Jujutsu Craft (JJC) - Ticket opened with Overwolf Support

Hello everyone, I wanted to alert the community and the CurseForge team about a critical security issue with the Jujutsu Craft (JJC) mod.

I have already submitted a formal report to Overwolf Support with the following evidence:

VirusTotal: 68/75 detections on the main file.

MITRE ATT&CK: Evidence of process injection and defense evasion.

Suspicious Activity: The mod attempts to use icacls commands to modify system permissions in the AppData folder.

My previous attempts to warn people in the mod's specific subreddit resulted in an immediate ban from their moderators, which is highly suspicious. I'm sharing this here to ensure CurseForge users stay safe while the support team reviews the ticket. Be careful!

u/sangaruma — 1 day ago

URGENT: Jujutsu Craft Mod (CurseForge) contains a RAT / 68+ VirusTotal Detections

I recently analyzed the latest Jujutsu Craft files from CurseForge and found a serious security risk. VirusTotal shows 68 out of 75 detections, identifying it as a remote access trojan (RAT) and an RMS module.

This is not a false positive. It appears the files have been compromised.

Evidence: https://www.virustotal.com/gui/file/094247a33bf9c4a741a17fee9ecd1eb5879c97f107ae784af81cfc0f1eee26c9/summary

Clarification on the scan results

To those seeing 0/59 on the .jar file: The malware is NOT inside the Java code itself, it's in the additional files that the mod creates or bundles in the folder.

u/sangaruma — 3 days ago
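
Added example (not part of the original posts, and not code from the mod, CurseForge or Overwolf): the clarification above says a scan of the .jar alone can come back clean while other files in the same folder are detected, so this sketch inventories every file in a folder, and every entry inside each jar, with a SHA-256 that can be looked up individually. The file names, the `FLAGGED` kinds and the sample folder are constructed assumptions.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path

# Assumption: file kinds that have no reason to sit beside (or inside) a mod .jar.
FLAGGED = {"windows-executable", "elf-executable", "script"}
SCRIPT_EXT = {".bat", ".cmd", ".ps1", ".vbs"}

def classify(head: bytes, name: str) -> str:
    """Classify by leading bytes first, so a renamed executable is still caught."""
    if head.startswith(b"MZ"):
        return "windows-executable"
    if head.startswith(b"\x7fELF"):
        return "elf-executable"
    if Path(name).suffix.lower() in SCRIPT_EXT:
        return "script"
    return "zip-or-jar" if head.startswith(b"PK\x03\x04") else "other"

def record(name: str, data: bytes) -> dict:
    kind = classify(data[:4], name)
    return {"file": name, "kind": kind, "flag": kind in FLAGGED,
            "sha256": hashlib.sha256(data).hexdigest()}

def inventory(folder):
    """One record per file under folder, plus one per flagged entry inside a jar."""
    folder, records = Path(folder), []
    for path in sorted(p for p in folder.rglob("*") if p.is_file()):
        rel = path.relative_to(folder).as_posix()
        records.append(record(rel, path.read_bytes()))
        if records[-1]["kind"] == "zip-or-jar" and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as jar:
                for info in (i for i in jar.infolist() if not i.is_dir()):
                    inner = record(f"{rel}!/{info.filename}", jar.read(info))
                    if inner["flag"]:
                        records.append(inner)
    return records

def build_sample(root):
    """Constructed sample: a harmless jar plus a sibling file with a PE header."""
    root = Path(root)
    with zipfile.ZipFile(root / "example-mod.jar", "w") as jar:
        jar.writestr("com/example/Mod.class", b"\xca\xfe\xba\xbe" + b"\x00" * 16)
    (root / "helper.dat").write_bytes(b"MZ" + b"\x00" * 62)  # header bytes only
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rec in inventory(build_sample(tmp)):
            print("FLAG" if rec["flag"] else "ok  ", rec["kind"], rec["sha256"], rec["file"])
```

A flag here only means the file type is unexpected for a mod folder; the per-file hash is what lets each file be checked on its own rather than relying on the jar's result.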