v11.0.99 // Microsoft Defender Detected Trojan Script
wolfhunter9660 opened this issue · 8 comments
Hello, I have just uploaded the source cloth-config-11.0.99.jar that I uploaded to CurseForge to VirusTotal, and it came out safe from all the antiviruses (including Microsoft Defender).
VT: https://www.virustotal.com/gui/file/4091017e8c5eb4cac83a8e44d38aa41252b96104425de722988e813619ee9aae
It is very possible that your system is infected with a virus that injects all jars; please read more at https://github.com/fractureiser-investigation/fractureiser
Cloth Config is safe. However, in the event that your system is not infected with the virus I just linked, please contact me through Discord (you can join through https://discord.gg/Vs9AVkxjYY) or through Twitter (@shedaniel_, notice the underscore). I would like to get a sample of your injected jar. This is a very serious issue, and I wish you the best.
Update on the situation. I have checked out the fractureiser investigation as well as done a full jar infection scan, with nothing found.
I originally downloaded the jar file via Modrinth, so I tried downloading it via CurseForge with no issues or detection, which I found odd. Hopefully this information would help.
Thank you for your support on the issue,
wolf_hunter9660
Hello there, just adding my two cents: I just downloaded the mod for 1.20 on Modrinth and Windows Defender detected it when trying to run it on Fabric.
I downloaded the mod for 1.20/Fabric from Modrinth and CurseForge today (6/9/23), and both were detected by Windows Defender as Trojan:Script/Wacatac.B!ml
I too got this warning from Microsoft Defender.
I downloaded the 1.20 Fabric version from Modrinth.
I used the scanning tool linked above and there was no evidence of infection, and I have not used any of the mods that were discovered to be infected or downloaded any mods from CurseForge during the period where compromised accounts were believed to exist.
I suspect that this is a false positive from MS Defender.
Please contact me through the methods above or via email [email protected] with your jar. I would like to collect more information about this.
Again, uploading the jar to VirusTotal says it is not infected.