Anyone who has downloaded stuff other than addons through Curseforge you may want to run a Malware scanner

Apparently Curseforge got compromised earlier this day and many files are filled with malware. There are several sources reporting it, from Reddit to seperate discords. Also had a case in my second guilds Discord.

If you have downloaded/updated any files other than addons I highly advise to run a malware scanner.

I would also advise to better not download anything curseforge related for at least a day and not updating your addons for a day wont have a noticeable impact on your experience unless you hit the magic mark where stuff like DBM refuses to work if not updated for half an eternity.

Also from reddit:

Before you panic just know that wow addons can’t infect your pc just by downloading and running them in wow, it would basically be not worth the effort for anyone to try attack wow users in this way, this looks targeted at minecraft mods and not us. The attackers would need to include an executable file in the addon and you would have to actually go into the addons folder and run it manually, the regular user doesn’t even look to see what’s inside an addon let alone start clicking random new exe files in there. There’s no mention anywhere yet of any wow addon accounts being compromised.

Also

Good to know. However i rather stay safe than sorry and just wait til tomorrow. Not updating addons for a day wont affect me in a noteworthy manner. Plus i use curseforge for more than just WoW and i assume so do others. I guess i can update the thread title tho

Sheeesh

The joys of not regularly checking for updates

Me who hasnt updated raiderio in 181 days : i will take that into consideration

If I updated yesterday, am I safe? O.o

Good choice. Also, I myself update my addons like maybe once every 2-3 weeks.

I mean read what Heramaar and Annaonda posted. But even in regards of non addons you should be fine if you did it yesterday since apparently that breach happened during the night.

Why can’t Blizzard just implement weakaura as an addon into their game, so we don’t get exposed to risks from third party !!!

Given the “quality” blizzard puts into their integrated stuff I will stick with third party websites. I mean even now I cant use their edit mode without wanting to end my existence.

more reasons for bliz to actually put work into the game rather than us looking for a third party site for basic WoW needs

They would do better to higher these addons devs since I frankly give them more credit in being able to get stuff done compared to every single Blizzard employee. Problem with weakaura however for instance is that well…very many devs for a lot of Weakauras.

But its even the minor things. Like I cant separate the debuffs in the blizzard UI. I cant track specific buffs or debuffs on my target etc. Stuff like this should be in the default UI. Like if i want to track the debuffs on me i couldnt care less about a big butt hero debuff being there as well (or other similar irrelevant debuffs)

Exactly, we play one of the most expensive games in the entire world, and they can’t even give us sufficient UI on their own, so we have to risk installing addons by cyberattack-vulnerable small addon developpers.

This only affected Minecraft users.

we’re good as long as CF client itself didn’t get compromised

I would still say dont download anything until the whole matter has been completely resolved. Not like not updating for a day or something in the middle of the tier would break your addons.

Well, I uninstalled the client, then removed addons manually, and ran an extensive offline virus check after. I personally don’t trust people, when their money is on the line…

RaiderIO is on Wago, isn’t it? Not Curseforge. Or updated via the separate app (which is the only WoW related thing I have set to run automatically when I start my PC, so I rather hope it is LOL).

out of all things, it had to be Minecraft