trigram-mrp / fractureiser

Information about the fractureiser malware (June 2023)
Creative Commons Attribution Share Alike 4.0 International

This has reached GitHub's Ears #13

Closed The-NinToaster closed 1 year ago

The-NinToaster commented 1 year ago

Hey everyone, I am part of the GitHub Campus Experts program and I just want to let you know that I have raised this issue to my supervisor, who is forwarding it to his team on GitHub, who can reach out to Microsoft and by extension, probably Mojang.

Let's hope this reaches Mojang's ears soon! If there is anything the team needs help with from GitHub proper, I can deliver the message to my supervisor.

Good Luck!

ItzSwirlz commented 1 year ago

We live to serve! Thanks!

intergrav commented 1 year ago

very happy to see this! ❤️

youngchief-btw commented 1 year ago

Thank you so much for forwarding this! We hope to hear back soon!

The-NinToaster commented 1 year ago

No problem guys, I'm forwarding any important updates (especially the one where CurseForge may not have been the initial vector) and I'm asking if there is any way we can get this expedited to Microsoft, as this is starting to look like a NASTY security issue. Has the team considered giving Oracle a call?

I can send a message to Oracle and see if they say anything back to me, if it helps.

Edit: went to the IRC channel and so far it seems this isn't a JVM-level issue, so I'm holding off for now.

canitzp commented 1 year ago

For easier communication and instant updates on our findings, you can join the corresponding IRC: https://webchat.esper.net/?channels=cfmalware
Ask a mod to get the ability to write.

The-NinToaster commented 1 year ago

> For easier communication and instant updates on our findings, you can join the corresponding IRC: https://webchat.esper.net/?channels=cfmalware
> Ask a mod to get the ability to write.

Yeah, I am on the IRC channel; I have DMs open with emi as well.

xyzeva commented 1 year ago

The best action to do here is to really alert MS of this to add to their Windows Defender signatures; that will reduce the current infections.

The-NinToaster commented 1 year ago

> The best action to do here is to really alert MS of this to add to their Windows Defender signatures; that will reduce the current infections.

My supervisor has basically put this issue on blast all over GitHub offices teams, and may have reached out to Microsoft proper. Right now I have no updates as to what Microsoft is doing, but I am updating GitHub on the matter as we speak.

The-NinToaster commented 1 year ago

> > The best action to do here is to really alert MS of this to add to their Windows Defender signatures; that will reduce the current infections.
>
> My supervisor has basically put this issue on blast all over GitHub offices teams, and may have reached out to Microsoft proper. Right now I have no updates as to what Microsoft is doing, but I am updating GitHub on the matter as we speak.

I BRING UPDATES: MY SUPERVISOR HAS CONTACTED THE DEFENDER TEAM AND MOJANG AS WELL

Krutonium commented 1 year ago

Does it ultimately matter who their supervisor is?

Ignited550 commented 1 year ago

yes, they need a medal

SilverAndro commented 1 year ago

Can confirm Defender is detecting at least 1 part now, if not more; downloading a bundle of a bunch of the malicious files causes it to react.

The-NinToaster commented 1 year ago

> Can confirm Defender is detecting at least 1 part now, if not more; downloading a bundle of a bunch of the malicious files causes it to react.

Sick!!

Flipt-al commented 1 year ago

Thanks for your work and to everyone here for letting me work with you for a decent amount of time

The-NinToaster commented 1 year ago

Since we can comment on issues again, I am posting this update here for future reference: [image]

macks2008 commented 1 year ago

Wonderful news. Does that mean users should be able to update their definitions to detect this, or not yet? Sorry, I'm not sure how Windows versioning works, in my experience Windows just updates when it wants to.

HyperHaxStudios commented 1 year ago

Great news! Glad to hear that GitHub and Microsoft are working together to stop Fractureiser. Hopefully Microsoft and Mojang stop this soon. Thanks for letting us know about this virus and your work into stopping it.

Janmm14 commented 1 year ago

> Great news! Glad to hear that GitHub and Microsoft are working together to stop Fractureiser. Hopefully Microsoft and Mojang stop this soon. Thanks for letting us know about this virus and your work into stopping it.

All work is already done tho.

HyperHaxStudios commented 1 year ago

> > Great news! Glad to hear that GitHub and Microsoft are working together to stop Fractureiser. Hopefully Microsoft and Mojang stop this soon. Thanks for letting us know about this virus and your work into stopping it.
>
> All work is already done tho.

I know. I realized I was late to the party. Still nice to know tho.

macks2008 commented 1 year ago

It occurs to me one thing we may want to ask for next time we get an audience such as this with Microsoft or one of its subsidiaries: better sandboxing support in Windows. Granted, this was GitHub and not Microsoft directly, but it was close enough to be discussing Defender patches so.... 💀

unascribed commented 1 year ago

People keep replying to this long after it has run its course, so I've locked it.