Impact
What kind of vulnerability is it? Who is impacted?
Someone impersonating AuroraLS3 released a version "5.61" containing the 'Opium Backdoor' malware on Modrinth between 2025-02-15 and 2025-03-11.
On 2025-03-11 an affected user informed AuroraLS3 of the impersonation, and AuroraLS3 then informed the Modrinth content moderation team for further action.
Anyone who installed the plugin by downloading it from Modrinth between 2025-02-15 and 2025-03-11 is affected.
Patches
Has the problem been patched? What versions should users upgrade to?
The affected files have been deleted from Modrinth. You can download a clean version of the plugin from GitHub releases: https://github.com/plan-player-analytics/Plan/releases
The Modrinth content moderation team has helped AuroraLS3 reclaim the project URL https://modrinth.com/plugin/plan and downloads through Modrinth are now clean of malware.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
There are claims that the malware injects itself into all other installed plugins once launched. Your whole server may be compromised, so a full reinstall from a backup is recommended.
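One way to see which plugin jars differ from a backup copy of the plugins directory, entry by entry, as an added example (not code from the Plan project or Modrinth). It assumes such a backup exists; the directory names and jar contents built in demo() are constructed sample data.

```python
import sys, tempfile, zipfile
from pathlib import Path

def jar_entries(jar_path):
    """Map each file entry in a jar (zip archive) to (CRC-32, uncompressed size)."""
    with zipfile.ZipFile(jar_path) as jar:
        return {i.filename: (i.CRC, i.file_size) for i in jar.infolist() if not i.is_dir()}

def diff_jar(backup_jar, live_jar):
    """Entries added, changed or removed in live_jar relative to backup_jar."""
    old, new = jar_entries(backup_jar), jar_entries(live_jar)
    return {"added": sorted(new.keys() - old.keys()),
            "changed": sorted(n for n in new.keys() & old.keys() if new[n] != old[n]),
            "removed": sorted(old.keys() - new.keys())}

def diff_plugin_dirs(backup_dir, live_dir):
    """Report every live jar that differs from, or is missing in, the backup."""
    report = {}
    for live in sorted(Path(live_dir).glob("*.jar")):
        backup = Path(backup_dir) / live.name
        if not backup.exists():
            report[live.name] = "no backup copy"
            continue
        try:
            delta = diff_jar(backup, live)
        except zipfile.BadZipFile:
            report[live.name] = "unreadable jar"
            continue
        if any(delta.values()):
            report[live.name] = delta
    return report

def demo():
    """Constructed sample data: A.jar untouched, B.jar altered, C.jar not in backup."""
    def write_jar(path, files):
        with zipfile.ZipFile(path, "w") as jar:
            for name, data in files.items():
                jar.writestr(name, data)
    clean = {"plugin.yml": "name: Example\n", "com/example/Main.class": b"\xca\xfe\xba\xbe"}
    altered = {**clean, "com/example/Main.class": b"\xca\xfe\xba\xbe\x01",
               "constructed/Extra.class": b"\xca\xfe\xba\xbe\x02"}
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "plugins")
        backup.mkdir(); live.mkdir()
        for name in ("A.jar", "B.jar"):
            write_jar(backup / name, clean)
        for name, files in (("A.jar", clean), ("B.jar", altered), ("C.jar", clean)):
            write_jar(live / name, files)
        return diff_plugin_dirs(backup, live)

if __name__ == "__main__":
    # Usage: python <this script> <backup plugins dir> <live plugins dir>
    print(diff_plugin_dirs(*sys.argv[1:3]) if len(sys.argv) == 3 else demo())
```

A difference can also come from a legitimate plugin update, and a jar with no differences does not make the rest of the server trustworthy, so the full reinstall recommended above still applies.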
Other recommended actions
If you're affected, please zip up your plugin jars and send them to coolbot100s on the Modrinth Discord so that they can sample the malware and prevent further distribution. https://discord.modrinth.com/
References
Are there any links users can visit to find out more?
None at this time.